From 469d9e54883fb5050791a8a9e2cf7c071f926d22 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:08 -0400 Subject: [PATCH 01/17] nfsd: fix heap overflow in NFSv4.0 LOCK replay cache jira KERNEL-943 cve CVE-2026-31402 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Jeff Layton commit 5133b61aaf437e5f25b1b396b14242a6bb0508e2 The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated based on OPEN responses and does not account for LOCK denied responses, which include the conflicting lock owner as a variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT). When a LOCK operation is denied due to a conflict with an existing lock that has a large owner, nfsd4_encode_operation() copies the full encoded response into the undersized replay buffer via read_bytes_from_xdr_buf() with no bounds check. This results in a slab-out-of-bounds write of up to 944 bytes past the end of the buffer, corrupting adjacent heap memory. This can be triggered remotely by an unauthenticated attacker with two cooperating NFSv4.0 clients: one sets a lock with a large owner string, then the other requests a conflicting lock to provoke the denial. We could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full opaque, but that would increase the size of every stateowner, when most lockowners are not that large. Instead, fix this by checking the encoded response length against NFSD4_REPLAY_ISIZE before copying into the replay buffer. If the response is too large, set rp_buflen to 0 to skip caching the replay payload. The status is still cached, and the client already received the correct response on the original request. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@kernel.org Reported-by: Nicholas Carlini Tested-by: Nicholas Carlini Signed-off-by: Jeff Layton Signed-off-by: Chuck Lever (cherry picked from commit 5133b61aaf437e5f25b1b396b14242a6bb0508e2) Signed-off-by: Jonathan Maple --- fs/nfsd/nfs4xdr.c | 9 +++++++-- fs/nfsd/state.h | 17 ++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 9ceeb2d10c01b..7d768c789d55a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -5937,9 +5937,14 @@ nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op) int len = xdr->buf->len - (op_status_offset + XDR_UNIT); so->so_replay.rp_status = op->status; - so->so_replay.rp_buflen = len; - read_bytes_from_xdr_buf(xdr->buf, op_status_offset + XDR_UNIT, + if (len <= NFSD4_REPLAY_ISIZE) { + so->so_replay.rp_buflen = len; + read_bytes_from_xdr_buf(xdr->buf, + op_status_offset + XDR_UNIT, so->so_replay.rp_buf, len); + } else { + so->so_replay.rp_buflen = 0; + } } status: op->status = nfsd4_map_status(op->status, diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index e6a7620c74ff4..f3422478409f4 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -529,11 +529,18 @@ struct nfs4_client_reclaim { struct xdr_netobj cr_princhash; }; -/* A reasonable value for REPLAY_ISIZE was estimated as follows: - * The OPEN response, typically the largest, requires - * 4(status) + 8(stateid) + 20(changeinfo) + 4(rflags) + 8(verifier) + - * 4(deleg. type) + 8(deleg. stateid) + 4(deleg. recall flag) + - * 20(deleg. space limit) + ~32(deleg. ace) = 112 bytes +/* + * REPLAY_ISIZE is sized for an OPEN response with delegation: + * 4(status) + 8(stateid) + 20(changeinfo) + 4(rflags) + + * 8(verifier) + 4(deleg. type) + 8(deleg. stateid) + + * 4(deleg. recall flag) + 20(deleg. space limit) + + * ~32(deleg. ace) = 112 bytes + * + * Some responses can exceed this. A LOCK denial includes the conflicting + * lock owner, which can be up to 1024 bytes (NFS4_OPAQUE_LIMIT). Responses + * larger than REPLAY_ISIZE are not cached in rp_ibuf; only rp_status is + * saved. Enlarging this constant increases the size of every + * nfs4_stateowner. */ #define NFSD4_REPLAY_ISIZE 112 From 89f3af734b8401e7c1ffe69814205c7b06fabd1f Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:08 -0400 Subject: [PATCH 02/17] net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks jira KERNEL-943 cve CVE-2026-23270 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Victor Nogueira commit 11cb63b0d1a0685e0831ae3c77223e002ef18189 As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held by the defragmentation engine. As reported by GangMin Kim, if such packet is that may cause a UaF when the defrag engine later on tries to tuch again such packet." act_ct was never meant to be used in the egress path, however some users are attaching it to egress today [2]. Attempting to reach a middle ground, we noticed that, while most qdiscs are not handling TC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we address the issue by only allowing act_ct to bind to clsact/ingress qdiscs and shared blocks. That way it's still possible to attach act_ct to egress (albeit only with clsact). [1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/ [2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/ Reported-by: GangMin Kim Fixes: 3f14b377d01d ("net/sched: act_ct: fix skb leak and crash on ooo frags") CC: stable@vger.kernel.org Signed-off-by: Victor Nogueira Acked-by: Jamal Hadi Salim Link: https://patch.msgid.link/20260225134349.1287037-1-victor@mojatatu.com Signed-off-by: Jakub Kicinski (cherry picked from commit 11cb63b0d1a0685e0831ae3c77223e002ef18189) Signed-off-by: Jonathan Maple --- include/net/act_api.h | 1 + net/sched/act_ct.c | 6 ++++++ net/sched/cls_api.c | 7 +++++++ 3 files changed, 14 insertions(+) diff --git a/include/net/act_api.h b/include/net/act_api.h index 404df8557f6a1..e7f76ba4883fa 100644 --- a/include/net/act_api.h +++ b/include/net/act_api.h @@ -68,6 +68,7 @@ struct tc_action { #define TCA_ACT_FLAGS_REPLACE (1U << (TCA_ACT_FLAGS_USER_BITS + 2)) #define TCA_ACT_FLAGS_NO_RTNL (1U << (TCA_ACT_FLAGS_USER_BITS + 3)) #define TCA_ACT_FLAGS_AT_INGRESS (1U << (TCA_ACT_FLAGS_USER_BITS + 4)) +#define TCA_ACT_FLAGS_AT_INGRESS_OR_CLSACT (1U << (TCA_ACT_FLAGS_USER_BITS + 5)) /* Update lastuse only if needed, to avoid dirtying a cache line. * We use a temp variable to avoid fetching jiffies twice. diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 2197eb6256580..945b64be4c1f1 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -1358,6 +1358,12 @@ static int tcf_ct_init(struct net *net, struct nlattr *nla, return -EINVAL; } + if (bind && !(flags & TCA_ACT_FLAGS_AT_INGRESS_OR_CLSACT)) { + NL_SET_ERR_MSG_MOD(extack, + "Attaching ct to a non ingress/clsact qdisc is unsupported"); + return -EOPNOTSUPP; + } + err = nla_parse_nested(tb, TCA_CT_MAX, nla, ct_policy, extack); if (err < 0) return err; diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 5399a46f58dda..0d76e69171556 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -2228,6 +2228,11 @@ static bool is_qdisc_ingress(__u32 classid) return (TC_H_MIN(classid) == TC_H_MIN(TC_H_MIN_INGRESS)); } +static bool is_ingress_or_clsact(struct tcf_block *block, struct Qdisc *q) +{ + return tcf_block_shared(block) || (q && !!(q->flags & TCQ_F_INGRESS)); +} + static int tc_new_tfilter(struct sk_buff *skb, struct nlmsghdr *n, struct netlink_ext_ack *extack) { @@ -2420,6 +2425,8 @@ static int tc_new_tfilter(struct sk_buff *skb, struct nlmsghdr *n, flags |= TCA_ACT_FLAGS_NO_RTNL; if (is_qdisc_ingress(parent)) flags |= TCA_ACT_FLAGS_AT_INGRESS; + if (is_ingress_or_clsact(block, q)) + flags |= TCA_ACT_FLAGS_AT_INGRESS_OR_CLSACT; err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh, flags, extack); if (err == 0) { From d1bebcd57a1846577cb27dcedcf9362ea57a11bb Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:09 -0400 Subject: [PATCH 03/17] net: bonding: fix use-after-free in bond_xmit_broadcast() jira KERNEL-943 cve CVE-2026-31419 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Xiang Mei commit 2884bf72fb8f03409e423397319205de48adca16 bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave/release can mutate the slave list during RCU-protected iteration, changing which slave is "last" mid-loop. This causes the original skb to be double-consumed (double-freed). Replace the racy bond_is_last_slave() check with a simple index comparison (i + 1 == slaves_count) against the pre-snapshot slave count taken via READ_ONCE() before the loop. This preserves the zero-copy optimization for the last slave while making the "last" determination stable against concurrent list mutations. The UAF can trigger the following crash: ================================================================== BUG: KASAN: slab-use-after-free in skb_clone Read of size 8 at addr ffff888100ef8d40 by task exploit/147 CPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY Call Trace: dump_stack_lvl (lib/dump_stack.c:123) print_report (mm/kasan/report.c:379 mm/kasan/report.c:482) kasan_report (mm/kasan/report.c:597) skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108) bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334) bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593) dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887) __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838) ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136) ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219) ip6_output (net/ipv6/ip6_output.c:250) ip6_send_skb (net/ipv6/ip6_output.c:1985) udp_v6_send_skb (net/ipv6/udp.c:1442) udpv6_sendmsg (net/ipv6/udp.c:1733) __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206) __x64_sys_sendto (net/socket.c:2209) do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Allocated by task 147: Freed by task 147: The buggy address belongs to the object at ffff888100ef8c80 which belongs to the cache skbuff_head_cache of size 224 The buggy address is located 192 bytes inside of freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60) Memory state around the buggy address: ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ^ ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Fixes: 4e5bd03ae346 ("net: bonding: fix bond_xmit_broadcast return value error bug") Reported-by: Weiming Shi Signed-off-by: Xiang Mei Link: https://patch.msgid.link/20260326075553.3960562-1-xmei5@asu.edu Signed-off-by: Paolo Abeni (cherry picked from commit 2884bf72fb8f03409e423397319205de48adca16) Signed-off-by: Jonathan Maple --- drivers/net/bonding/bond_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index d95ae1c281886..13efbed58915f 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -5393,7 +5393,7 @@ static netdev_tx_t bond_xmit_broadcast(struct sk_buff *skb, if (!(bond_slave_is_up(slave) && slave->link == BOND_LINK_UP)) continue; - if (bond_is_last_slave(bond, slave)) { + if (i + 1 == slaves_count) { skb2 = skb; skb_used = true; } else { From 96082986f16e1ecf51e21a50477bf7023d18626c Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:09 -0400 Subject: [PATCH 04/17] thunderbolt: Use wake on connect and disconnect over suspend jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Mario Limonciello commit 4bfeea6ec1c0241a6c856ed1694a72a8cbaa8494 Wake on connect is useful for being able to wake up a suspended laptop without opening the lid by plugging into a dock. Add the default policy to the USB4 router when wakeup is enabled for the router. Behavior for individual ports can be controlled by port wakeup settings. Cc: Opal Voravootivat Cc: Raul Rangel Cc: Utkarsh Patel Cc: Richard Gong Cc: Sanath S Link: https://lore.kernel.org/linux-usb/20250410042723.GU3152277@black.fi.intel.com/T/#m0249e8c0e1c77ec92a44a3d6c8b4a8e5a9b7114e Signed-off-by: Mario Limonciello Signed-off-by: Mika Westerberg (cherry picked from commit 4bfeea6ec1c0241a6c856ed1694a72a8cbaa8494) Signed-off-by: Jonathan Maple --- drivers/thunderbolt/switch.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 6a2116cbb06f9..28febb95f8fa1 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3599,6 +3599,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4; flags |= TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE | TB_WAKE_ON_DP; } else if (device_may_wakeup(&sw->dev)) { + flags |= TB_WAKE_ON_CONNECT | TB_WAKE_ON_DISCONNECT; flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } From 91ec31c0c1faaf1d3b0eac7ffe0f7f03f3dcc23b Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:09 -0400 Subject: [PATCH 05/17] thunderbolt: Fix a logic error in wake on connect jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Mario Limonciello commit 1a760d10ded372d113a0410c42be246315bbc2ff commit a5cfc9d65879c ("thunderbolt: Add wake on connect/disconnect on USB4 ports") introduced a sysfs file to control wake up policy for a given USB4 port that defaulted to disabled. However when testing commit 4bfeea6ec1c02 ("thunderbolt: Use wake on connect and disconnect over suspend") I found that it was working even without making changes to the power/wakeup file (which defaults to disabled). This is because of a logic error doing a bitwise or of the wake-on-connect flag with device_may_wakeup() which should have been a logical AND. Adjust the logic so that policy is only applied when wakeup is actually enabled. Fixes: a5cfc9d65879c ("thunderbolt: Add wake on connect/disconnect on USB4 ports") Signed-off-by: Mario Limonciello Signed-off-by: Mika Westerberg (cherry picked from commit 1a760d10ded372d113a0410c42be246315bbc2ff) Signed-off-by: Jonathan Maple --- drivers/thunderbolt/usb4.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index e51d01671d8e7..3e96f1afd4268 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -440,10 +440,10 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) bool configured = val & PORT_CS_19_PC; usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) | + if (((flags & TB_WAKE_ON_CONNECT) && device_may_wakeup(&usb4->dev)) && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) | + if (((flags & TB_WAKE_ON_DISCONNECT) && device_may_wakeup(&usb4->dev)) && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) From 5abd2b4f143b014e6f6d1e0eec36e4fda11cf186 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:10 -0400 Subject: [PATCH 06/17] thunderbolt: Fix wake on connect at runtime jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Mario Limonciello commit 58d71d4242ce057955c783a14c82270c71f9e1e8 commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable@vger.kernel.org Reported-by: Alexander Kovacs Tested-by: Alexander Kovacs Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello Signed-off-by: Mika Westerberg (cherry picked from commit 58d71d4242ce057955c783a14c82270c71f9e1e8) Signed-off-by: Jonathan Maple --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 12 +++++------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index b54147a1ba877..d14381eb54067 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1304,7 +1304,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index 3e96f1afd4268..cc05211f269ce 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -403,12 +403,12 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * usb4_switch_set_wake() - Enabled/disable wake * @sw: USB4 router * @flags: Wakeup flags (%0 to disable) + * @runtime: Wake is being programmed during system runtime * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { - struct usb4_port *usb4; struct tb_port *port; u64 route = tb_route(sw); u32 val; @@ -438,13 +438,11 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; - usb4 = port->usb4; + bool wakeup = runtime || device_may_wakeup(&port->usb4->dev); - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; From 3f9f0d81d7209afb2727ed3d74d4c2ec72c7f9a3 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:10 -0400 Subject: [PATCH 07/17] crypto: af-alg - fix NULL pointer dereference in scatterwalk jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Norbert Szetei commit 62397b493e14107ae82d8b80938f293d95425bcb The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry. This causes the crypto scatterwalk to hit a premature end, returning NULL on sg_next() and leading to a kernel panic during dereference. Fix this by explicitly unmarking the end of the previous SGL when performing sg_chain() in af_alg_alloc_tsgl(). Fixes: 8ff590903d5f ("crypto: algif_skcipher - User-space interface for skcipher operations") Signed-off-by: Norbert Szetei Signed-off-by: Herbert Xu (cherry picked from commit 62397b493e14107ae82d8b80938f293d95425bcb) Signed-off-by: Jonathan Maple --- crypto/af_alg.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 0da7c1ac778a0..1594a2dd92223 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -623,8 +623,10 @@ static int af_alg_alloc_tsgl(struct sock *sk) sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); sgl->cur = 0; - if (sg) + if (sg) { + sg_unmark_end(sg + MAX_SGL_ENTS - 1); sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); + } list_add_tail(&sgl->list, &ctx->tsgl_list); } From b0b34affc3a73332354793daa3fc1fdd94e1f529 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:11 -0400 Subject: [PATCH 08/17] crypto: algif_aead - Revert to operating out-of-place jira KERNEL-943 cve CVE-2026-31431 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Herbert Xu commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst") Reported-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu (cherry picked from commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5) Signed-off-by: Jonathan Maple # Conflicts: # crypto/algif_aead.c --- .../a664bf3d.failed | 298 ++++++++++++++++++ 1 file changed, 298 insertions(+) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed new file mode 100644 index 0000000000000..c9d847a8b0759 --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed @@ -0,0 +1,298 @@ +crypto: algif_aead - Revert to operating out-of-place + +jira KERNEL-943 +cve CVE-2026-31431 +Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 +commit-author Herbert Xu +commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/a664bf3d.failed + +This mostly reverts commit 72548b093ee3 except for the copying of +the associated data. + +There is no benefit in operating in-place in algif_aead since the +source and destination come from different mappings. Get rid of +all the complexity added for in-place operation and just copy the +AD directly. + +Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst") + Reported-by: Taeyang Lee <0wn@theori.io> + Signed-off-by: Herbert Xu +(cherry picked from commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5) + Signed-off-by: Jonathan Maple + +# Conflicts: +# crypto/algif_aead.c +diff --cc crypto/algif_aead.c +index 7d58cbbce4af,dda15bb05e89..000000000000 +--- a/crypto/algif_aead.c ++++ b/crypto/algif_aead.c +@@@ -26,8 -26,6 +26,11 @@@ + #include + #include + #include +++<<<<<<< HEAD + +#include + +#include +++======= +++>>>>>>> a664bf3d603d (crypto: algif_aead - Revert to operating out-of-place) + #include + #include + #include +@@@ -93,12 -70,9 +96,16 @@@ static int _aead_recvmsg(struct socket + struct sock *psk = ask->parent; + struct alg_sock *pask = alg_sk(psk); + struct af_alg_ctx *ctx = ask->private; +++<<<<<<< HEAD + + struct aead_tfm *aeadc = pask->private; + + struct crypto_aead *tfm = aeadc->aead; + + struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm; + + unsigned int i, as = crypto_aead_authsize(tfm); +++======= ++ struct crypto_aead *tfm = pask->private; ++ unsigned int as = crypto_aead_authsize(tfm); +++>>>>>>> a664bf3d603d (crypto: algif_aead - Revert to operating out-of-place) + struct af_alg_async_req *areq; +- struct af_alg_tsgl *tsgl, *tmp; + struct scatterlist *rsgl_src, *tsgl_src = NULL; + int err = 0; + size_t used = 0; /* [in] TX bufs to be en/decrypted */ +@@@ -212,74 -183,10 +216,78 @@@ + /* Use the RX SGL as source (and destination) for crypto op. */ + rsgl_src = areq->first_rsgl.sgl.sgt.sgl; + +++<<<<<<< HEAD + + if (ctx->enc) { + + /* + + * Encryption operation - The in-place cipher operation is + + * achieved by the following operation: + + * + + * TX SGL: AAD || PT + + * | | + + * | copy | + + * v v + + * RX SGL: AAD || PT || Tag + + */ + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, + + areq->first_rsgl.sgl.sgt.sgl, + + processed); + + if (err) + + goto free; + + af_alg_pull_tsgl(sk, processed, NULL, 0); + + } else { + + /* + + * Decryption operation - To achieve an in-place cipher + + * operation, the following SGL structure is used: + + * + + * TX SGL: AAD || CT || Tag + + * | | ^ + + * | copy | | Create SGL link. + + * v v | + + * RX SGL: AAD || CT ----+ + + */ + + + + /* Copy AAD || CT to RX SGL buffer for in-place operation. */ + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, + + areq->first_rsgl.sgl.sgt.sgl, + + outlen); + + if (err) + + goto free; + + + + /* Create TX SGL for tag and chain it to RX SGL. */ + + areq->tsgl_entries = af_alg_count_tsgl(sk, processed, + + processed - as); + + if (!areq->tsgl_entries) + + areq->tsgl_entries = 1; + + areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), + + areq->tsgl_entries), + + GFP_KERNEL); + + if (!areq->tsgl) { + + err = -ENOMEM; + + goto free; + + } + + sg_init_table(areq->tsgl, areq->tsgl_entries); + + + + /* Release TX SGL, except for tag data and reassign tag data. */ + + af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); + + + + /* chain the areq TX SGL holding the tag with RX SGL */ + + if (usedpages) { + + /* RX SGL present */ + + struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; + + struct scatterlist *sg = sgl_prev->sgt.sgl; + + + + sg_unmark_end(sg + sgl_prev->sgt.nents - 1); + + sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl); + + } else + + /* no RX SGL present (e.g. authentication only) */ + + rsgl_src = areq->tsgl; + + } +++======= ++ memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen); +++>>>>>>> a664bf3d603d (crypto: algif_aead - Revert to operating out-of-place) + + /* Initialize the crypto operation */ +- aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, ++ aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src, + areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv); + aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); + aead_request_set_tfm(&areq->cra_u.aead_req, tfm); +@@@ -510,11 -385,10 +518,11 @@@ static void aead_sock_destruct(struct s + struct af_alg_ctx *ctx = ask->private; + struct sock *psk = ask->parent; + struct alg_sock *pask = alg_sk(psk); + - struct crypto_aead *tfm = pask->private; + + struct aead_tfm *aeadc = pask->private; + + struct crypto_aead *tfm = aeadc->aead; + unsigned int ivlen = crypto_aead_ivsize(tfm); + +- af_alg_pull_tsgl(sk, ctx->used, NULL, 0); ++ af_alg_pull_tsgl(sk, ctx->used, NULL); + sock_kzfree_s(sk, ctx->iv, ivlen); + sock_kfree_s(sk, ctx, ctx->len); + af_alg_release_parent(sk); +diff --git a/crypto/af_alg.c b/crypto/af_alg.c +index 1594a2dd9222..b2fe28992ebf 100644 +--- a/crypto/af_alg.c ++++ b/crypto/af_alg.c +@@ -637,15 +637,13 @@ static int af_alg_alloc_tsgl(struct sock *sk) + /** + * af_alg_count_tsgl - Count number of TX SG entries + * +- * The counting starts from the beginning of the SGL to @bytes. If +- * an @offset is provided, the counting of the SG entries starts at the @offset. ++ * The counting starts from the beginning of the SGL to @bytes. + * + * @sk: socket of connection to user space + * @bytes: Count the number of SG entries holding given number of bytes. +- * @offset: Start the counting of SG entries from the given offset. + * Return: Number of TX SG entries found given the constraints + */ +-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) ++unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes) + { + const struct alg_sock *ask = alg_sk(sk); + const struct af_alg_ctx *ctx = ask->private; +@@ -660,25 +658,11 @@ unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) + const struct scatterlist *sg = sgl->sg; + + for (i = 0; i < sgl->cur; i++) { +- size_t bytes_count; +- +- /* Skip offset */ +- if (offset >= sg[i].length) { +- offset -= sg[i].length; +- bytes -= sg[i].length; +- continue; +- } +- +- bytes_count = sg[i].length - offset; +- +- offset = 0; + sgl_count++; +- +- /* If we have seen requested number of bytes, stop */ +- if (bytes_count >= bytes) ++ if (sg[i].length >= bytes) + return sgl_count; + +- bytes -= bytes_count; ++ bytes -= sg[i].length; + } + } + +@@ -690,19 +674,14 @@ EXPORT_SYMBOL_GPL(af_alg_count_tsgl); + * af_alg_pull_tsgl - Release the specified buffers from TX SGL + * + * If @dst is non-null, reassign the pages to @dst. The caller must release +- * the pages. If @dst_offset is given only reassign the pages to @dst starting +- * at the @dst_offset (byte). The caller must ensure that @dst is large +- * enough (e.g. by using af_alg_count_tsgl with the same offset). ++ * the pages. + * + * @sk: socket of connection to user space + * @used: Number of bytes to pull from TX SGL + * @dst: If non-NULL, buffer is reassigned to dst SGL instead of releasing. The + * caller must release the buffers in dst. +- * @dst_offset: Reassign the TX SGL from given offset. All buffers before +- * reaching the offset is released. + */ +-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, +- size_t dst_offset) ++void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst) + { + struct alg_sock *ask = alg_sk(sk); + struct af_alg_ctx *ctx = ask->private; +@@ -727,18 +706,10 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, + * SG entries in dst. + */ + if (dst) { +- if (dst_offset >= plen) { +- /* discard page before offset */ +- dst_offset -= plen; +- } else { +- /* reassign page to dst after offset */ +- get_page(page); +- sg_set_page(dst + j, page, +- plen - dst_offset, +- sg[i].offset + dst_offset); +- dst_offset = 0; +- j++; +- } ++ /* reassign page to dst after offset */ ++ get_page(page); ++ sg_set_page(dst + j, page, plen, sg[i].offset); ++ j++; + } + + sg[i].length -= plen; +* Unmerged path crypto/algif_aead.c +diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c +index 125d395c5e00..82735e51be10 100644 +--- a/crypto/algif_skcipher.c ++++ b/crypto/algif_skcipher.c +@@ -138,7 +138,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, + * Create a per request TX SGL for this request which tracks the + * SG entries from the global TX SGL. + */ +- areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); ++ areq->tsgl_entries = af_alg_count_tsgl(sk, len); + if (!areq->tsgl_entries) + areq->tsgl_entries = 1; + areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), +@@ -149,7 +149,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, + goto free; + } + sg_init_table(areq->tsgl, areq->tsgl_entries); +- af_alg_pull_tsgl(sk, len, areq->tsgl, 0); ++ af_alg_pull_tsgl(sk, len, areq->tsgl); + + /* Initialize the crypto operation */ + skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); +@@ -363,7 +363,7 @@ static void skcipher_sock_destruct(struct sock *sk) + struct alg_sock *pask = alg_sk(psk); + struct crypto_skcipher *tfm = pask->private; + +- af_alg_pull_tsgl(sk, ctx->used, NULL, 0); ++ af_alg_pull_tsgl(sk, ctx->used, NULL); + sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); + if (ctx->state) + sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm)); +diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h +index f7b3b93f3a49..b32d1ef827e7 100644 +--- a/include/crypto/if_alg.h ++++ b/include/crypto/if_alg.h +@@ -228,9 +228,8 @@ static inline bool af_alg_readable(struct sock *sk) + return PAGE_SIZE <= af_alg_rcvbuf(sk); + } + +-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset); +-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, +- size_t dst_offset); ++unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes); ++void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst); + void af_alg_wmem_wakeup(struct sock *sk); + int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min); + int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, From 22075873737fe869909c5b3fdc8c6cb613d10d0f Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:11 -0400 Subject: [PATCH 09/17] crypto: af_alg - limit RX SG extraction by receive buffer budget jira KERNEL-943 cve CVE-2026-31677 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Douya Le commit 8eceab19eba9dcbfd2a0daec72e1bf48aa100170 Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_readable() only as a gate before extracting data into the RX scatterlist. Limit each extraction to the remaining af_alg_rcvbuf(sk) budget so that receive-side accounting matches the amount of data attached to the request. If skcipher cannot obtain enough RX space for at least one chunk while more data remains to be processed, reject the recvmsg call instead of rounding the request length down to zero. Fixes: e870456d8e7c8d57c059ea479b5aadbb55ff4c3a ("crypto: algif_skcipher - overhaul memory management") Reported-by: Yifan Wu Reported-by: Juefei Pu Co-developed-by: Yuan Tan Signed-off-by: Yuan Tan Suggested-by: Xin Liu Signed-off-by: Douya Le Signed-off-by: Ren Wei Signed-off-by: Herbert Xu (cherry picked from commit 8eceab19eba9dcbfd2a0daec72e1bf48aa100170) Signed-off-by: Jonathan Maple --- crypto/af_alg.c | 2 ++ crypto/algif_skcipher.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 1594a2dd92223..0fc970a8c26c4 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1251,6 +1251,8 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, seglen = min_t(size_t, (maxsize - len), msg_data_left(msg)); + /* Never pin more pages than the remaining RX accounting budget. */ + seglen = min_t(size_t, seglen, af_alg_rcvbuf(sk)); if (list_empty(&areq->rsgl_list)) { rsgl = &areq->first_rsgl; diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 125d395c5e009..3549ad1cc42e6 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -130,6 +130,11 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, * full block size buffers. */ if (ctx->more || len < ctx->used) { + if (len < bs) { + err = -EINVAL; + goto free; + } + len -= len % bs; cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL; } From ead2b3c938f945ada87683c142c3ca323e420c1c Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:11 -0400 Subject: [PATCH 10/17] crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Herbert Xu commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed When page reassignment was added to af_alg_pull_tsgl the original loop wasn't updated so it may try to reassign one more page than necessary. Add the check to the reassignment so that this does not happen. Also update the comment which still refers to the obsolete offset argument. Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management") Signed-off-by: Herbert Xu (cherry picked from commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef) Signed-off-by: Jonathan Maple # Conflicts: # crypto/af_alg.c --- .../31d00156.failed | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed new file mode 100644 index 0000000000000..7bc5a72e3f14c --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed @@ -0,0 +1,60 @@ +crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl + +jira KERNEL-943 +Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 +commit-author Herbert Xu +commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed + +When page reassignment was added to af_alg_pull_tsgl the original +loop wasn't updated so it may try to reassign one more page than +necessary. + +Add the check to the reassignment so that this does not happen. + +Also update the comment which still refers to the obsolete offset +argument. + + Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com +Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management") + Signed-off-by: Herbert Xu +(cherry picked from commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef) + Signed-off-by: Jonathan Maple + +# Conflicts: +# crypto/af_alg.c +diff --cc crypto/af_alg.c +index 0fc970a8c26c,dd0e5be4d8c0..000000000000 +--- a/crypto/af_alg.c ++++ b/crypto/af_alg.c +@@@ -726,19 -705,11 +726,27 @@@ void af_alg_pull_tsgl(struct sock *sk, + * Assumption: caller created af_alg_count_tsgl(len) + * SG entries in dst. + */ +++<<<<<<< HEAD + + if (dst) { + + if (dst_offset >= plen) { + + /* discard page before offset */ + + dst_offset -= plen; + + } else { + + /* reassign page to dst after offset */ + + get_page(page); + + sg_set_page(dst + j, page, + + plen - dst_offset, + + sg[i].offset + dst_offset); + + dst_offset = 0; + + j++; + + } +++======= ++ if (dst && plen) { ++ /* reassign page to dst */ ++ get_page(page); ++ sg_set_page(dst + j, page, plen, sg[i].offset); ++ j++; +++>>>>>>> 31d00156e50e (crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl) + } + + sg[i].length -= plen; +* Unmerged path crypto/af_alg.c From a7994f9052df2ca1971a20f93c02d2a6ff3aacf0 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:12 -0400 Subject: [PATCH 11/17] crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec jira KERNEL-943 cve CVE-2026-23060 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Taeyang Lee <0wn@theori.io> commit 2397e9264676be7794f8f7f1e9763d90bd3c7335 authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs. Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Reported-By: Taeyang Lee <0wn@theori.io> Signed-off-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu (cherry picked from commit 2397e9264676be7794f8f7f1e9763d90bd3c7335) Signed-off-by: Jonathan Maple --- crypto/authencesn.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 2cc933e2f7901..e08032e80f188 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -185,6 +185,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req) struct scatterlist *src, *dst; int err; + if (assoclen < 8) + return -EINVAL; + sg_init_table(areq_ctx->src, 2); src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen); dst = src; @@ -275,6 +278,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) u32 tmp[2]; int err; + if (assoclen < 8) + return -EINVAL; + cryptlen -= authsize; if (req->src != dst) { From 53d1a0fe329ac524fc33a0ef3d0cb4e0f9f5a422 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:12 -0400 Subject: [PATCH 12/17] crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption jira KERNEL-943 cve CVE-2026-31431 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Herbert Xu commit e02494114ebf7c8b42777c6cd6982f113bfdbec7 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source. However, the data to be hashed need to be rearranged accordingly. Reported-by: Taeyang Lee <0wn@theori.io> Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Signed-off-by: Herbert Xu Thanks, Signed-off-by: Herbert Xu (cherry picked from commit e02494114ebf7c8b42777c6cd6982f113bfdbec7) Signed-off-by: Jonathan Maple # Conflicts: # crypto/authencesn.c --- .../e0249411.failed | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed new file mode 100644 index 0000000000000..217466de68d9b --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed @@ -0,0 +1,55 @@ +crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption + +jira KERNEL-943 +cve CVE-2026-31431 +Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 +commit-author Herbert Xu +commit e02494114ebf7c8b42777c6cd6982f113bfdbec7 +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/e0249411.failed + +When decrypting data that is not in-place (src != dst), there is +no need to save the high-order sequence bits in dst as it could +simply be re-copied from the source. + +However, the data to be hashed need to be rearranged accordingly. + + Reported-by: Taeyang Lee <0wn@theori.io> +Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") + Signed-off-by: Herbert Xu + +Thanks, + + Signed-off-by: Herbert Xu +(cherry picked from commit e02494114ebf7c8b42777c6cd6982f113bfdbec7) + Signed-off-by: Jonathan Maple + +# Conflicts: +# crypto/authencesn.c +diff --cc crypto/authencesn.c +index e08032e80f18,c0a01d738d9b..000000000000 +--- a/crypto/authencesn.c ++++ b/crypto/authencesn.c +@@@ -281,17 -268,6 +287,20 @@@ static int crypto_authenc_esn_decrypt(s + if (assoclen < 8) + return -EINVAL; + +++<<<<<<< HEAD + + cryptlen -= authsize; + + + + if (req->src != dst) { + + err = crypto_authenc_esn_copy(req, assoclen + cryptlen); + + if (err) + + return err; + + } + + + + scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen, + + authsize, 0); + + +++======= +++>>>>>>> e02494114ebf (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption) + if (!authsize) + goto tail; + +* Unmerged path crypto/authencesn.c From 9e3dd5328326ffbdd8a096a3c9f97d0c9cb65e06 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:13 -0400 Subject: [PATCH 13/17] crypto: authencesn - Fix src offset when decrypting in-place jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Herbert Xu commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed The src SG list offset wasn't set properly when decrypting in-place, fix it. Reported-by: Wolfgang Walter Fixes: e02494114ebf ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption") Signed-off-by: Herbert Xu (cherry picked from commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa) Signed-off-by: Jonathan Maple # Conflicts: # crypto/authencesn.c --- .../1f48ad3b.failed | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed new file mode 100644 index 0000000000000..97525c72c07ca --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed @@ -0,0 +1,42 @@ +crypto: authencesn - Fix src offset when decrypting in-place + +jira KERNEL-943 +Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 +commit-author Herbert Xu +commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed + +The src SG list offset wasn't set properly when decrypting in-place, +fix it. + + Reported-by: Wolfgang Walter +Fixes: e02494114ebf ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption") + Signed-off-by: Herbert Xu +(cherry picked from commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa) + Signed-off-by: Jonathan Maple + +# Conflicts: +# crypto/authencesn.c +diff --cc crypto/authencesn.c +index e08032e80f18,af3d584e584f..000000000000 +--- a/crypto/authencesn.c ++++ b/crypto/authencesn.c +@@@ -243,8 -228,11 +243,15 @@@ static int crypto_authenc_esn_decrypt_t + + decrypt: + +++<<<<<<< HEAD + + sg_init_table(areq_ctx->dst, 2); +++======= +++>>>>>>> 1f48ad3b19a9 (crypto: authencesn - Fix src offset when decrypting in-place) + dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen); ++ if (req->src == req->dst) ++ src = dst; ++ else ++ src = scatterwalk_ffwd(areq_ctx->src, src, assoclen); + + skcipher_request_set_tfm(skreq, ctx->enc); + skcipher_request_set_callback(skreq, flags, +* Unmerged path crypto/authencesn.c From 70612ff28267740c77cf218070e46a66344bab7e Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:13 -0400 Subject: [PATCH 14/17] crypto: authencesn - reject short ahash digests during instance creation jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Yucheng Lu commit 5db6ef9847717329f12c5ea8aba7e9f588a980c0 authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data. While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value. As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access. Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize. Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") Cc: stable@kernel.org Reported-by: Yifan Wu Reported-by: Juefei Pu Co-developed-by: Yuan Tan Signed-off-by: Yuan Tan Suggested-by: Xin Liu Tested-by: Yuhang Zheng Reviewed-by: Eric Biggers Signed-off-by: Yucheng Lu Signed-off-by: Ren Wei Signed-off-by: Herbert Xu (cherry picked from commit 5db6ef9847717329f12c5ea8aba7e9f588a980c0) Signed-off-by: Jonathan Maple --- crypto/authencesn.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/authencesn.c b/crypto/authencesn.c index e08032e80f188..9ac15e5a6e3a4 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -410,6 +410,11 @@ static int crypto_authenc_esn_create(struct crypto_template *tmpl, auth = crypto_spawn_ahash_alg(&ctx->auth); auth_base = &auth->base; + if (auth->digestsize > 0 && auth->digestsize < 4) { + err = -EINVAL; + goto err_free_inst; + } + err = crypto_grab_skcipher(&ctx->enc, aead_crypto_instance(inst), crypto_attr_alg_name(tb[2]), 0, mask); if (err) From 823bae28edd6a2be7a489c5ab59824ee307f69a4 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:14 -0400 Subject: [PATCH 15/17] crypto: algif_aead - Fix minimum RX size check for decryption jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Herbert Xu commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length. Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com Reported-by: Daniel Pouzzner Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") Signed-off-by: Herbert Xu (cherry picked from commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c) Signed-off-by: Jonathan Maple --- crypto/algif_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 7d58cbbce4af2..481e66f8708bb 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -170,7 +170,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, if (usedpages < outlen) { size_t less = outlen - usedpages; - if (used < less) { + if (used < less + (ctx->enc ? 0 : as)) { err = -EINVAL; goto free; } From 5d94ee5aa73e2310aa3be44f77354f21b2aa0bb1 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:14 -0400 Subject: [PATCH 16/17] crypto: algif_aead - snapshot IV for async AEAD requests jira KERNEL-943 Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 commit-author Douya Le commit 5aa58c3a572b3e3b6c786953339f7978b845cc52 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state. Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") Cc: stable@kernel.org Reported-by: Yuan Tan Reported-by: Yifan Wu Reported-by: Juefei Pu Reported-by: Xin Liu Co-developed-by: Luxing Yin Signed-off-by: Luxing Yin Tested-by: Yucheng Lu Signed-off-by: Douya Le Signed-off-by: Ren Wei Signed-off-by: Herbert Xu (cherry picked from commit 5aa58c3a572b3e3b6c786953339f7978b845cc52) Signed-off-by: Jonathan Maple # Conflicts: # crypto/algif_aead.c --- .../5aa58c3a.failed | 144 ++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed new file mode 100644 index 0000000000000..45ab83f7d3dab --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed @@ -0,0 +1,144 @@ +crypto: algif_aead - snapshot IV for async AEAD requests + +jira KERNEL-943 +Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1 +commit-author Douya Le +commit 5aa58c3a572b3e3b6c786953339f7978b845cc52 +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed + +AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during +request processing. For async requests, later socket activity can +update that shared state before the original request has fully +completed, which can lead to inconsistent IV handling. + +Snapshot the IV into per-request storage when preparing the AEAD +request, so in-flight operations no longer depend on mutable socket +state. + +Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") + Cc: stable@kernel.org + Reported-by: Yuan Tan + Reported-by: Yifan Wu + Reported-by: Juefei Pu + Reported-by: Xin Liu +Co-developed-by: Luxing Yin + Signed-off-by: Luxing Yin + Tested-by: Yucheng Lu + Signed-off-by: Douya Le + Signed-off-by: Ren Wei + Signed-off-by: Herbert Xu +(cherry picked from commit 5aa58c3a572b3e3b6c786953339f7978b845cc52) + Signed-off-by: Jonathan Maple + +# Conflicts: +# crypto/algif_aead.c +diff --cc crypto/algif_aead.c +index 481e66f8708b,cb651ab58d62..000000000000 +--- a/crypto/algif_aead.c ++++ b/crypto/algif_aead.c +@@@ -93,13 -70,12 +93,20 @@@ static int _aead_recvmsg(struct socket + struct sock *psk = ask->parent; + struct alg_sock *pask = alg_sk(psk); + struct af_alg_ctx *ctx = ask->private; +++<<<<<<< HEAD + + struct aead_tfm *aeadc = pask->private; + + struct crypto_aead *tfm = aeadc->aead; + + struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm; + + unsigned int i, as = crypto_aead_authsize(tfm); +++======= ++ struct crypto_aead *tfm = pask->private; ++ unsigned int as = crypto_aead_authsize(tfm); ++ unsigned int ivsize = crypto_aead_ivsize(tfm); +++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests) + struct af_alg_async_req *areq; + + struct af_alg_tsgl *tsgl, *tmp; + struct scatterlist *rsgl_src, *tsgl_src = NULL; ++ void *iv; + int err = 0; + size_t used = 0; /* [in] TX bufs to be en/decrypted */ + size_t outlen = 0; /* [out] RX bufs produced by kernel */ +@@@ -212,75 -189,11 +223,80 @@@ + /* Use the RX SGL as source (and destination) for crypto op. */ + rsgl_src = areq->first_rsgl.sgl.sgt.sgl; + + - memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen); + + if (ctx->enc) { + + /* + + * Encryption operation - The in-place cipher operation is + + * achieved by the following operation: + + * + + * TX SGL: AAD || PT + + * | | + + * | copy | + + * v v + + * RX SGL: AAD || PT || Tag + + */ + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, + + areq->first_rsgl.sgl.sgt.sgl, + + processed); + + if (err) + + goto free; + + af_alg_pull_tsgl(sk, processed, NULL, 0); + + } else { + + /* + + * Decryption operation - To achieve an in-place cipher + + * operation, the following SGL structure is used: + + * + + * TX SGL: AAD || CT || Tag + + * | | ^ + + * | copy | | Create SGL link. + + * v v | + + * RX SGL: AAD || CT ----+ + + */ + + + + /* Copy AAD || CT to RX SGL buffer for in-place operation. */ + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, + + areq->first_rsgl.sgl.sgt.sgl, + + outlen); + + if (err) + + goto free; + + + + /* Create TX SGL for tag and chain it to RX SGL. */ + + areq->tsgl_entries = af_alg_count_tsgl(sk, processed, + + processed - as); + + if (!areq->tsgl_entries) + + areq->tsgl_entries = 1; + + areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), + + areq->tsgl_entries), + + GFP_KERNEL); + + if (!areq->tsgl) { + + err = -ENOMEM; + + goto free; + + } + + sg_init_table(areq->tsgl, areq->tsgl_entries); + + + + /* Release TX SGL, except for tag data and reassign tag data. */ + + af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); + + + + /* chain the areq TX SGL holding the tag with RX SGL */ + + if (usedpages) { + + /* RX SGL present */ + + struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; + + struct scatterlist *sg = sgl_prev->sgt.sgl; + + + + sg_unmark_end(sg + sgl_prev->sgt.nents - 1); + + sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl); + + } else + + /* no RX SGL present (e.g. authentication only) */ + + rsgl_src = areq->tsgl; + + } + + /* Initialize the crypto operation */ +++<<<<<<< HEAD + + aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, + + areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv); +++======= ++ aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src, ++ areq->first_rsgl.sgl.sgt.sgl, used, iv); +++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests) + aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); + aead_request_set_tfm(&areq->cra_u.aead_req, tfm); + +* Unmerged path crypto/algif_aead.c From 1300dd84850c714b7740cd18883ba9c42e53450a Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Tue, 5 May 2026 14:35:44 -0400 Subject: [PATCH 17/17] Rebuild rocky10_1 with kernel-6.12.0-124.55.1.el10_1 Rebuild_History BUILDABLE Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50% Number of commits in upstream range v6.12~1..kernel-mainline: 122058 Number of commits in rpm: 19 Number of commits matched with upstream: 16 (84.21%) Number of commits in upstream but not in rpm: 122042 Number of commits NOT found in upstream: 3 (15.79%) Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.55.1.el10_1 for kernel-6.12.0-124.55.1.el10_1 Clean Cherry Picks: 11 (68.75%) Empty Cherry Picks: 5 (31.25%) _______________________________ Full Details Located here: ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/rebuild.details.txt Includes: * git commit header above * Empty Commits with upstream SHA * RPM ChangeLog Entries that could not be matched Individual Empty Commit failures contained in the same containing directory. The git message for empty commits will have the path for the failed commit. File names are the first 8 characters of the upstream SHA --- ...1.el10_1 => COPYING-6.12.0-124.55.1.el10_1 | 0 Makefile.rhelver | 2 +- .../rebuild.details.txt | 24 ++++ .../kernel-6.12.0-aarch64-64k-debug.config | 4 +- configs/kernel-6.12.0-aarch64-64k.config | 4 +- configs/kernel-6.12.0-aarch64-debug.config | 4 +- .../kernel-6.12.0-aarch64-rt-64k-debug.config | 4 +- configs/kernel-6.12.0-aarch64-rt-64k.config | 4 +- configs/kernel-6.12.0-aarch64-rt-debug.config | 4 +- configs/kernel-6.12.0-aarch64-rt.config | 4 +- configs/kernel-6.12.0-aarch64.config | 4 +- configs/kernel-6.12.0-ppc64le-debug.config | 4 +- configs/kernel-6.12.0-ppc64le.config | 4 +- configs/kernel-6.12.0-riscv64-debug.config | 4 +- configs/kernel-6.12.0-riscv64.config | 4 +- configs/kernel-6.12.0-s390x-debug.config | 4 +- configs/kernel-6.12.0-s390x-zfcpdump.config | 4 +- configs/kernel-6.12.0-s390x.config | 4 +- configs/kernel-6.12.0-x86_64-debug.config | 4 +- configs/kernel-6.12.0-x86_64-rt-debug.config | 4 +- configs/kernel-6.12.0-x86_64-rt.config | 4 +- configs/kernel-6.12.0-x86_64.config | 4 +- crypto/af_alg.c | 51 ++------ crypto/algif_aead.c | 119 +++++------------- crypto/algif_skcipher.c | 6 +- crypto/authencesn.c | 72 +++++++---- include/crypto/if_alg.h | 5 +- redhat/kernel.changelog-10.1 | 25 ++++ uki-addons.sbat | 4 +- uki.sbat | 4 +- 30 files changed, 186 insertions(+), 202 deletions(-) rename COPYING-6.12.0-124.52.1.el10_1 => COPYING-6.12.0-124.55.1.el10_1 (100%) create mode 100644 ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/rebuild.details.txt diff --git a/COPYING-6.12.0-124.52.1.el10_1 b/COPYING-6.12.0-124.55.1.el10_1 similarity index 100% rename from COPYING-6.12.0-124.52.1.el10_1 rename to COPYING-6.12.0-124.55.1.el10_1 diff --git a/Makefile.rhelver b/Makefile.rhelver index 0f30424b66561..98ed3cfa0675e 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 124.52.1 +RHEL_RELEASE = 124.55.1 # # RHEL_REBASE_NUM diff --git a/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/rebuild.details.txt b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/rebuild.details.txt new file mode 100644 index 0000000000000..ed1d5a07c5c16 --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/rebuild.details.txt @@ -0,0 +1,24 @@ +Rebuild_History BUILDABLE +Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50% +Number of commits in upstream range v6.12~1..kernel-mainline: 122058 +Number of commits in rpm: 19 +Number of commits matched with upstream: 16 (84.21%) +Number of commits in upstream but not in rpm: 122042 +Number of commits NOT found in upstream: 3 (15.79%) + +Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.55.1.el10_1 for kernel-6.12.0-124.55.1.el10_1 +Clean Cherry Picks: 11 (68.75%) +Empty Cherry Picks: 5 (31.25%) +_______________________________ + +__EMPTY COMMITS__________________________ +a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 crypto: algif_aead - Revert to operating out-of-place +31d00156e50ecad37f2cb6cbf04aaa9a260505ef crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl +e02494114ebf7c8b42777c6cd6982f113bfdbec7 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption +1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa crypto: authencesn - Fix src offset when decrypting in-place +5aa58c3a572b3e3b6c786953339f7978b845cc52 crypto: algif_aead - snapshot IV for async AEAD requests + +__CHANGES NOT IN UPSTREAM________________ +Add partial riscv64 support for build root' +Provide basic VisionFive 2 support' +Patch MMU for riscv64' diff --git a/configs/kernel-6.12.0-aarch64-64k-debug.config b/configs/kernel-6.12.0-aarch64-64k-debug.config index b96548ce5d4f8..28beb56a13ca9 100644 --- a/configs/kernel-6.12.0-aarch64-64k-debug.config +++ b/configs/kernel-6.12.0-aarch64-64k-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-64k.config b/configs/kernel-6.12.0-aarch64-64k.config index 2395bfd05661e..422bff915386a 100644 --- a/configs/kernel-6.12.0-aarch64-64k.config +++ b/configs/kernel-6.12.0-aarch64-64k.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-debug.config b/configs/kernel-6.12.0-aarch64-debug.config index 07a1f6cf35dec..ca45f827b25c7 100644 --- a/configs/kernel-6.12.0-aarch64-debug.config +++ b/configs/kernel-6.12.0-aarch64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-64k-debug.config b/configs/kernel-6.12.0-aarch64-rt-64k-debug.config index 0441d7638c043..2a8d0fd7ece33 100644 --- a/configs/kernel-6.12.0-aarch64-rt-64k-debug.config +++ b/configs/kernel-6.12.0-aarch64-rt-64k-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-64k.config b/configs/kernel-6.12.0-aarch64-rt-64k.config index 226fd1d3e284a..2bb2841b65f18 100644 --- a/configs/kernel-6.12.0-aarch64-rt-64k.config +++ b/configs/kernel-6.12.0-aarch64-rt-64k.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-debug.config b/configs/kernel-6.12.0-aarch64-rt-debug.config index 54c9a50a14ac9..34f054de9688a 100644 --- a/configs/kernel-6.12.0-aarch64-rt-debug.config +++ b/configs/kernel-6.12.0-aarch64-rt-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt.config b/configs/kernel-6.12.0-aarch64-rt.config index c3772158900d7..f60b2b0dbaa18 100644 --- a/configs/kernel-6.12.0-aarch64-rt.config +++ b/configs/kernel-6.12.0-aarch64-rt.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64.config b/configs/kernel-6.12.0-aarch64.config index fe85b3a14e511..c41615455fcd1 100644 --- a/configs/kernel-6.12.0-aarch64.config +++ b/configs/kernel-6.12.0-aarch64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-ppc64le-debug.config b/configs/kernel-6.12.0-ppc64le-debug.config index eba58103fdf09..b13230e7dc8e7 100644 --- a/configs/kernel-6.12.0-ppc64le-debug.config +++ b/configs/kernel-6.12.0-ppc64le-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-ppc64le.config b/configs/kernel-6.12.0-ppc64le.config index 4994027456f2e..3dc9c27259c05 100644 --- a/configs/kernel-6.12.0-ppc64le.config +++ b/configs/kernel-6.12.0-ppc64le.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-riscv64-debug.config b/configs/kernel-6.12.0-riscv64-debug.config index f674761392764..7e32eee0b294c 100644 --- a/configs/kernel-6.12.0-riscv64-debug.config +++ b/configs/kernel-6.12.0-riscv64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-riscv64.config b/configs/kernel-6.12.0-riscv64.config index 71b88b3cf4fd4..48594fde160c2 100644 --- a/configs/kernel-6.12.0-riscv64.config +++ b/configs/kernel-6.12.0-riscv64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x-debug.config b/configs/kernel-6.12.0-s390x-debug.config index 7ec488fb8a6c1..bd204ce5a1b1e 100644 --- a/configs/kernel-6.12.0-s390x-debug.config +++ b/configs/kernel-6.12.0-s390x-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x-zfcpdump.config b/configs/kernel-6.12.0-s390x-zfcpdump.config index 629d16cd08fed..a06e1a49bd260 100644 --- a/configs/kernel-6.12.0-s390x-zfcpdump.config +++ b/configs/kernel-6.12.0-s390x-zfcpdump.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x.config b/configs/kernel-6.12.0-s390x.config index 1e5602c639638..eb1b3e82c4e51 100644 --- a/configs/kernel-6.12.0-s390x.config +++ b/configs/kernel-6.12.0-s390x.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-debug.config b/configs/kernel-6.12.0-x86_64-debug.config index 7cab95e796aba..c6aa611927efa 100644 --- a/configs/kernel-6.12.0-x86_64-debug.config +++ b/configs/kernel-6.12.0-x86_64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-rt-debug.config b/configs/kernel-6.12.0-x86_64-rt-debug.config index e6e578acbe98c..a68a10d4fbd38 100644 --- a/configs/kernel-6.12.0-x86_64-rt-debug.config +++ b/configs/kernel-6.12.0-x86_64-rt-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-rt.config b/configs/kernel-6.12.0-x86_64-rt.config index cfd2ab42512eb..4142669f969bc 100644 --- a/configs/kernel-6.12.0-x86_64-rt.config +++ b/configs/kernel-6.12.0-x86_64-rt.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64.config b/configs/kernel-6.12.0-x86_64.config index 984976b40e72c..b77a58ee4ebc1 100644 --- a/configs/kernel-6.12.0-x86_64.config +++ b/configs/kernel-6.12.0-x86_64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 0fc970a8c26c4..4c94448e46599 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -637,15 +637,13 @@ static int af_alg_alloc_tsgl(struct sock *sk) /** * af_alg_count_tsgl - Count number of TX SG entries * - * The counting starts from the beginning of the SGL to @bytes. If - * an @offset is provided, the counting of the SG entries starts at the @offset. + * The counting starts from the beginning of the SGL to @bytes. * * @sk: socket of connection to user space * @bytes: Count the number of SG entries holding given number of bytes. - * @offset: Start the counting of SG entries from the given offset. * Return: Number of TX SG entries found given the constraints */ -unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) +unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes) { const struct alg_sock *ask = alg_sk(sk); const struct af_alg_ctx *ctx = ask->private; @@ -660,25 +658,11 @@ unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) const struct scatterlist *sg = sgl->sg; for (i = 0; i < sgl->cur; i++) { - size_t bytes_count; - - /* Skip offset */ - if (offset >= sg[i].length) { - offset -= sg[i].length; - bytes -= sg[i].length; - continue; - } - - bytes_count = sg[i].length - offset; - - offset = 0; sgl_count++; - - /* If we have seen requested number of bytes, stop */ - if (bytes_count >= bytes) + if (sg[i].length >= bytes) return sgl_count; - bytes -= bytes_count; + bytes -= sg[i].length; } } @@ -690,19 +674,14 @@ EXPORT_SYMBOL_GPL(af_alg_count_tsgl); * af_alg_pull_tsgl - Release the specified buffers from TX SGL * * If @dst is non-null, reassign the pages to @dst. The caller must release - * the pages. If @dst_offset is given only reassign the pages to @dst starting - * at the @dst_offset (byte). The caller must ensure that @dst is large - * enough (e.g. by using af_alg_count_tsgl with the same offset). + * the pages. * * @sk: socket of connection to user space * @used: Number of bytes to pull from TX SGL * @dst: If non-NULL, buffer is reassigned to dst SGL instead of releasing. The * caller must release the buffers in dst. - * @dst_offset: Reassign the TX SGL from given offset. All buffers before - * reaching the offset is released. */ -void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, - size_t dst_offset) +void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst) { struct alg_sock *ask = alg_sk(sk); struct af_alg_ctx *ctx = ask->private; @@ -726,19 +705,11 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, * Assumption: caller created af_alg_count_tsgl(len) * SG entries in dst. */ - if (dst) { - if (dst_offset >= plen) { - /* discard page before offset */ - dst_offset -= plen; - } else { - /* reassign page to dst after offset */ - get_page(page); - sg_set_page(dst + j, page, - plen - dst_offset, - sg[i].offset + dst_offset); - dst_offset = 0; - j++; - } + if (dst && plen) { + /* reassign page to dst */ + get_page(page); + sg_set_page(dst + j, page, plen, sg[i].offset); + j++; } sg[i].length -= plen; diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 481e66f8708bb..fcf86e5c64949 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -96,10 +96,11 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, struct aead_tfm *aeadc = pask->private; struct crypto_aead *tfm = aeadc->aead; struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm; - unsigned int i, as = crypto_aead_authsize(tfm); + unsigned int as = crypto_aead_authsize(tfm); + unsigned int ivsize = crypto_aead_ivsize(tfm); struct af_alg_async_req *areq; - struct af_alg_tsgl *tsgl, *tmp; struct scatterlist *rsgl_src, *tsgl_src = NULL; + void *iv; int err = 0; size_t used = 0; /* [in] TX bufs to be en/decrypted */ size_t outlen = 0; /* [out] RX bufs produced by kernel */ @@ -151,10 +152,14 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, /* Allocate cipher request for current operation. */ areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + - crypto_aead_reqsize(tfm)); + crypto_aead_reqsize(tfm) + ivsize); if (IS_ERR(areq)) return PTR_ERR(areq); + iv = (u8 *)aead_request_ctx(&areq->cra_u.aead_req) + + crypto_aead_reqsize(tfm); + memcpy(iv, ctx->iv, ivsize); + /* convert iovecs of output buffers into RX SGL */ err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages); if (err) @@ -178,23 +183,24 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, outlen -= less; } + /* + * Create a per request TX SGL for this request which tracks the + * SG entries from the global TX SGL. + */ processed = used + ctx->aead_assoclen; - list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) { - for (i = 0; i < tsgl->cur; i++) { - struct scatterlist *process_sg = tsgl->sg + i; - - if (!(process_sg->length) || !sg_page(process_sg)) - continue; - tsgl_src = process_sg; - break; - } - if (tsgl_src) - break; - } - if (processed && !tsgl_src) { - err = -EFAULT; + areq->tsgl_entries = af_alg_count_tsgl(sk, processed); + if (!areq->tsgl_entries) + areq->tsgl_entries = 1; + areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), + areq->tsgl_entries), + GFP_KERNEL); + if (!areq->tsgl) { + err = -ENOMEM; goto free; } + sg_init_table(areq->tsgl, areq->tsgl_entries); + af_alg_pull_tsgl(sk, processed, areq->tsgl); + tsgl_src = areq->tsgl; /* * Copy of AAD from source to destination @@ -203,84 +209,19 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, * when user space uses an in-place cipher operation, the kernel * will copy the data as it does not see whether such in-place operation * is initiated. - * - * To ensure efficiency, the following implementation ensure that the - * ciphers are invoked to perform a crypto operation in-place. This - * is achieved by memory management specified as follows. */ /* Use the RX SGL as source (and destination) for crypto op. */ rsgl_src = areq->first_rsgl.sgl.sgt.sgl; - if (ctx->enc) { - /* - * Encryption operation - The in-place cipher operation is - * achieved by the following operation: - * - * TX SGL: AAD || PT - * | | - * | copy | - * v v - * RX SGL: AAD || PT || Tag - */ - err = crypto_aead_copy_sgl(null_tfm, tsgl_src, - areq->first_rsgl.sgl.sgt.sgl, - processed); - if (err) - goto free; - af_alg_pull_tsgl(sk, processed, NULL, 0); - } else { - /* - * Decryption operation - To achieve an in-place cipher - * operation, the following SGL structure is used: - * - * TX SGL: AAD || CT || Tag - * | | ^ - * | copy | | Create SGL link. - * v v | - * RX SGL: AAD || CT ----+ - */ - - /* Copy AAD || CT to RX SGL buffer for in-place operation. */ - err = crypto_aead_copy_sgl(null_tfm, tsgl_src, - areq->first_rsgl.sgl.sgt.sgl, - outlen); - if (err) - goto free; - - /* Create TX SGL for tag and chain it to RX SGL. */ - areq->tsgl_entries = af_alg_count_tsgl(sk, processed, - processed - as); - if (!areq->tsgl_entries) - areq->tsgl_entries = 1; - areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), - areq->tsgl_entries), - GFP_KERNEL); - if (!areq->tsgl) { - err = -ENOMEM; - goto free; - } - sg_init_table(areq->tsgl, areq->tsgl_entries); - - /* Release TX SGL, except for tag data and reassign tag data. */ - af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); - - /* chain the areq TX SGL holding the tag with RX SGL */ - if (usedpages) { - /* RX SGL present */ - struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; - struct scatterlist *sg = sgl_prev->sgt.sgl; - - sg_unmark_end(sg + sgl_prev->sgt.nents - 1); - sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl); - } else - /* no RX SGL present (e.g. authentication only) */ - rsgl_src = areq->tsgl; - } + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, rsgl_src, + ctx->aead_assoclen); + if (err) + goto free; /* Initialize the crypto operation */ - aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, - areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv); + aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src, + areq->first_rsgl.sgl.sgt.sgl, used, iv); aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); aead_request_set_tfm(&areq->cra_u.aead_req, tfm); @@ -514,7 +455,7 @@ static void aead_sock_destruct(struct sock *sk) struct crypto_aead *tfm = aeadc->aead; unsigned int ivlen = crypto_aead_ivsize(tfm); - af_alg_pull_tsgl(sk, ctx->used, NULL, 0); + af_alg_pull_tsgl(sk, ctx->used, NULL); sock_kzfree_s(sk, ctx->iv, ivlen); sock_kfree_s(sk, ctx, ctx->len); af_alg_release_parent(sk); diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 3549ad1cc42e6..ba0a17fd95aca 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -143,7 +143,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, * Create a per request TX SGL for this request which tracks the * SG entries from the global TX SGL. */ - areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); + areq->tsgl_entries = af_alg_count_tsgl(sk, len); if (!areq->tsgl_entries) areq->tsgl_entries = 1; areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), @@ -154,7 +154,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, goto free; } sg_init_table(areq->tsgl, areq->tsgl_entries); - af_alg_pull_tsgl(sk, len, areq->tsgl, 0); + af_alg_pull_tsgl(sk, len, areq->tsgl); /* Initialize the crypto operation */ skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); @@ -368,7 +368,7 @@ static void skcipher_sock_destruct(struct sock *sk) struct alg_sock *pask = alg_sk(psk); struct crypto_skcipher *tfm = pask->private; - af_alg_pull_tsgl(sk, ctx->used, NULL, 0); + af_alg_pull_tsgl(sk, ctx->used, NULL); sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); if (ctx->state) sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm)); diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 9ac15e5a6e3a4..8b94a34c6ab4b 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -158,7 +158,10 @@ static void crypto_authenc_esn_encrypt_done(void *data, int err) authenc_esn_request_complete(areq, err); } -static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len) +static int crypto_authenc_esn_copy_sg(struct aead_request *req, + struct scatterlist *src, + struct scatterlist *dst, + unsigned int len) { struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req); struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); @@ -167,11 +170,16 @@ static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len) skcipher_request_set_sync_tfm(skreq, ctx->null); skcipher_request_set_callback(skreq, aead_request_flags(req), NULL, NULL); - skcipher_request_set_crypt(skreq, req->src, req->dst, len, NULL); + skcipher_request_set_crypt(skreq, src, dst, len, NULL); return crypto_skcipher_encrypt(skreq); } +static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len) +{ + return crypto_authenc_esn_copy_sg(req, req->src, req->dst, len); +} + static int crypto_authenc_esn_encrypt(struct aead_request *req) { struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req); @@ -226,30 +234,41 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req, u8 *ohash = areq_ctx->tail; unsigned int cryptlen = req->cryptlen - authsize; unsigned int assoclen = req->assoclen; + struct scatterlist *src = req->src; struct scatterlist *dst = req->dst; u8 *ihash = ohash + crypto_ahash_digestsize(auth); u32 tmp[2]; + int err; if (!authsize) goto decrypt; - /* Move high-order bits of sequence number back. */ - scatterwalk_map_and_copy(tmp, dst, 4, 4, 0); - scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0); - scatterwalk_map_and_copy(tmp, dst, 0, 8, 1); + if (src == dst) { + /* Move high-order bits of sequence number back. */ + scatterwalk_map_and_copy(tmp, dst, 4, 4, 0); + scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0); + scatterwalk_map_and_copy(tmp, dst, 0, 8, 1); + } else { + err = crypto_authenc_esn_copy(req, assoclen); + if (err) + return err; + } if (crypto_memneq(ihash, ohash, authsize)) return -EBADMSG; decrypt: - sg_init_table(areq_ctx->dst, 2); dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen); + if (req->src == req->dst) + src = dst; + else + src = scatterwalk_ffwd(areq_ctx->src, src, assoclen); skcipher_request_set_tfm(skreq, ctx->enc); skcipher_request_set_callback(skreq, flags, req->base.complete, req->base.data); - skcipher_request_set_crypt(skreq, dst, dst, cryptlen, req->iv); + skcipher_request_set_crypt(skreq, src, dst, cryptlen, req->iv); return crypto_skcipher_decrypt(skreq); } @@ -274,6 +293,7 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) unsigned int assoclen = req->assoclen; unsigned int cryptlen = req->cryptlen; u8 *ihash = ohash + crypto_ahash_digestsize(auth); + struct scatterlist *src = req->src; struct scatterlist *dst = req->dst; u32 tmp[2]; int err; @@ -281,27 +301,31 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) if (assoclen < 8) return -EINVAL; - cryptlen -= authsize; - - if (req->src != dst) { - err = crypto_authenc_esn_copy(req, assoclen + cryptlen); - if (err) - return err; - } + if (!authsize) + goto tail; + cryptlen -= authsize; scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen, authsize, 0); - if (!authsize) - goto tail; - /* Move high-order bits of sequence number to the end. */ - scatterwalk_map_and_copy(tmp, dst, 0, 8, 0); - scatterwalk_map_and_copy(tmp, dst, 4, 4, 1); - scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1); - - sg_init_table(areq_ctx->dst, 2); - dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4); + scatterwalk_map_and_copy(tmp, src, 0, 8, 0); + if (src == dst) { + scatterwalk_map_and_copy(tmp, dst, 4, 4, 1); + scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1); + dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4); + } else { + scatterwalk_map_and_copy(tmp, dst, 0, 4, 1); + scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen - 4, 4, 1); + + src = scatterwalk_ffwd(areq_ctx->src, src, 8); + dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4); + err = crypto_authenc_esn_copy_sg(req, src, dst, + assoclen + cryptlen - 8); + if (err) + return err; + dst = req->dst; + } ahash_request_set_tfm(ahreq, auth); ahash_request_set_crypt(ahreq, dst, ohash, assoclen + cryptlen); diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index f7b3b93f3a49a..b32d1ef827e70 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -228,9 +228,8 @@ static inline bool af_alg_readable(struct sock *sk) return PAGE_SIZE <= af_alg_rcvbuf(sk); } -unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset); -void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, - size_t dst_offset); +unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes); +void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst); void af_alg_wmem_wakeup(struct sock *sk); int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min); int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, diff --git a/redhat/kernel.changelog-10.1 b/redhat/kernel.changelog-10.1 index 4bbf712e852d6..6f2de287cbf59 100644 --- a/redhat/kernel.changelog-10.1 +++ b/redhat/kernel.changelog-10.1 @@ -1,3 +1,28 @@ +* Sat May 02 2026 CKI KWF Bot [6.12.0-124.55.1.el10_1] +- crypto: algif_aead - snapshot IV for async AEAD requests (Vladislav Dronov) [RHEL-172211] +- crypto: algif_aead - Fix minimum RX size check for decryption (Vladislav Dronov) [RHEL-172211] +- crypto: authencesn - reject short ahash digests during instance creation (Vladislav Dronov) [RHEL-172211] +- crypto: authencesn - Fix src offset when decrypting in-place (Vladislav Dronov) [RHEL-172211] +- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Vladislav Dronov) [RHEL-172211] {CVE-2026-31431} +- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Vladislav Dronov) [RHEL-172211] {CVE-2026-23060} +- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Vladislav Dronov) [RHEL-172211] +- crypto: af_alg - limit RX SG extraction by receive buffer budget (Vladislav Dronov) [RHEL-172211] {CVE-2026-31677} +- crypto: algif_aead - Revert to operating out-of-place (Vladislav Dronov) [RHEL-172211] {CVE-2026-31431} +- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Vladislav Dronov) [RHEL-172211] +Resolves: RHEL-172211 + +* Mon Apr 27 2026 CKI KWF Bot [6.12.0-124.54.1.el10_1] +- thunderbolt: Fix wake on connect at runtime (Desnes Nunes) [RHEL-108357] +- thunderbolt: Fix a logic error in wake on connect (Desnes Nunes) [RHEL-108357] +- thunderbolt: Use wake on connect and disconnect over suspend (Desnes Nunes) [RHEL-108357] +- net: bonding: fix use-after-free in bond_xmit_broadcast() (CKI Backport Bot) [RHEL-168071] {CVE-2026-31419} +- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CKI Backport Bot) [RHEL-157330] {CVE-2026-23270} +Resolves: RHEL-108357, RHEL-157330, RHEL-168071 + +* Tue Apr 14 2026 CKI KWF Bot [6.12.0-124.53.1.el10_1] +- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Scott Mayhew) [RHEL-167019] {CVE-2026-31402} +Resolves: RHEL-167019 + * Sat Apr 11 2026 CKI KWF Bot [6.12.0-124.52.1.el10_1] - md/raid1: fix data lost for writemostly rdev (Nigel Croxon) [RHEL-143660] Resolves: RHEL-143660 diff --git a/uki-addons.sbat b/uki-addons.sbat index a8693d7a184fd..b1f6324cbb6fc 100644 --- a/uki-addons.sbat +++ b/uki-addons.sbat @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -kernel-uki-virt-addons.rhel,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.52.1.el10_1.x86_64,mailto:secalert@redhat.com -kernel-uki-virt-addons.rocky,1,RESF,kernel-uki-virt-addons,6.12.0-124.52.1.el10_1.x86_64,mailto:security@rockylinux.org +kernel-uki-virt-addons.rhel,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.55.1.el10_1.x86_64,mailto:secalert@redhat.com +kernel-uki-virt-addons.rocky,1,RESF,kernel-uki-virt-addons,6.12.0-124.55.1.el10_1.x86_64,mailto:security@rockylinux.org diff --git a/uki.sbat b/uki.sbat index 8fffd40fb180b..7c4c64bf60be2 100644 --- a/uki.sbat +++ b/uki.sbat @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -kernel-uki-virt.rhel,1,Red Hat,kernel-uki-virt,6.12.0-124.52.1.el10_1.x86_64,mailto:secalert@redhat.com -kernel-uki-virt.rocky,1,RESF,kernel-uki-virt,6.12.0-124.52.1.el10_1.x86_64,mailto:security@rockylinux.org +kernel-uki-virt.rhel,1,Red Hat,kernel-uki-virt,6.12.0-124.55.1.el10_1.x86_64,mailto:secalert@redhat.com +kernel-uki-virt.rocky,1,RESF,kernel-uki-virt,6.12.0-124.55.1.el10_1.x86_64,mailto:security@rockylinux.org