[rocky10_1] History Rebuild through kernel-6.12.0-124.55.1.el10_1

Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.52.1
+RHEL_RELEASE = 124.55.1
 
 #
 # RHEL_REBASE_NUM

ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed

@@ -0,0 +1,42 @@
+crypto: authencesn - Fix src offset when decrypting in-place
+
+jira KERNEL-943
+Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1
+commit-author Herbert Xu <herbert@gondor.apana.org.au>
+commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/1f48ad3b.failed
+
+The src SG list offset wasn't set properly when decrypting in-place,
+fix it.
+
+	Reported-by: Wolfgang Walter <linux@stwm.de>
+Fixes: e02494114ebf ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption")
+	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+(cherry picked from commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	crypto/authencesn.c
+diff --cc crypto/authencesn.c
+index e08032e80f18,af3d584e584f..000000000000
+--- a/crypto/authencesn.c
++++ b/crypto/authencesn.c
+@@@ -243,8 -228,11 +243,15 @@@ static int crypto_authenc_esn_decrypt_t
+
+  decrypt:
+
+++<<<<<<< HEAD
+ +	sg_init_table(areq_ctx->dst, 2);
+++=======
+++>>>>>>> 1f48ad3b19a9 (crypto: authencesn - Fix src offset when decrypting in-place)
+  	dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
++ 	if (req->src == req->dst)
++ 		src = dst;
++ 	else
++ 		src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
+
+  	skcipher_request_set_tfm(skreq, ctx->enc);
+  	skcipher_request_set_callback(skreq, flags,
+* Unmerged path crypto/authencesn.c

ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed

@@ -0,0 +1,60 @@
+crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
+
+jira KERNEL-943
+Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1
+commit-author Herbert Xu <herbert@gondor.apana.org.au>
+commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/31d00156.failed
+
+When page reassignment was added to af_alg_pull_tsgl the original
+loop wasn't updated so it may try to reassign one more page than
+necessary.
+
+Add the check to the reassignment so that this does not happen.
+
+Also update the comment which still refers to the obsolete offset
+argument.
+
+	Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com
+Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
+	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+(cherry picked from commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	crypto/af_alg.c
+diff --cc crypto/af_alg.c
+index 0fc970a8c26c,dd0e5be4d8c0..000000000000
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@@ -726,19 -705,11 +726,27 @@@ void af_alg_pull_tsgl(struct sock *sk, 
+  			 * Assumption: caller created af_alg_count_tsgl(len)
+  			 * SG entries in dst.
+  			 */
+++<<<<<<< HEAD
+ +			if (dst) {
+ +				if (dst_offset >= plen) {
+ +					/* discard page before offset */
+ +					dst_offset -= plen;
+ +				} else {
+ +					/* reassign page to dst after offset */
+ +					get_page(page);
+ +					sg_set_page(dst + j, page,
+ +						    plen - dst_offset,
+ +						    sg[i].offset + dst_offset);
+ +					dst_offset = 0;
+ +					j++;
+ +				}
+++=======
++ 			if (dst && plen) {
++ 				/* reassign page to dst */
++ 				get_page(page);
++ 				sg_set_page(dst + j, page, plen, sg[i].offset);
++ 				j++;
+++>>>>>>> 31d00156e50e (crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl)
+  			}
+
+  			sg[i].length -= plen;
+* Unmerged path crypto/af_alg.c

ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed

@@ -0,0 +1,144 @@
+crypto: algif_aead - snapshot IV for async AEAD requests
+
+jira KERNEL-943
+Rebuild_History Non-Buildable kernel-6.12.0-124.55.1.el10_1
+commit-author Douya Le <ldy3087146292@gmail.com>
+commit 5aa58c3a572b3e3b6c786953339f7978b845cc52
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-6.12.0-124.55.1.el10_1/5aa58c3a.failed
+
+AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during
+request processing.  For async requests, later socket activity can
+update that shared state before the original request has fully
+completed, which can lead to inconsistent IV handling.
+
+Snapshot the IV into per-request storage when preparing the AEAD
+request, so in-flight operations no longer depend on mutable socket
+state.
+
+Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
+	Cc: stable@kernel.org
+	Reported-by: Yuan Tan <yuantan098@gmail.com>
+	Reported-by: Yifan Wu <yifanwucs@gmail.com>
+	Reported-by: Juefei Pu <tomapufckgml@gmail.com>
+	Reported-by: Xin Liu <bird@lzu.edu.cn>
+Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
+	Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
+	Tested-by: Yucheng Lu <kanolyc@gmail.com>
+	Signed-off-by: Douya Le <ldy3087146292@gmail.com>
+	Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
+	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+(cherry picked from commit 5aa58c3a572b3e3b6c786953339f7978b845cc52)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	crypto/algif_aead.c
+diff --cc crypto/algif_aead.c
+index 481e66f8708b,cb651ab58d62..000000000000
+--- a/crypto/algif_aead.c
++++ b/crypto/algif_aead.c
+@@@ -93,13 -70,12 +93,20 @@@ static int _aead_recvmsg(struct socket 
+  	struct sock *psk = ask->parent;
+  	struct alg_sock *pask = alg_sk(psk);
+  	struct af_alg_ctx *ctx = ask->private;
+++<<<<<<< HEAD
+ +	struct aead_tfm *aeadc = pask->private;
+ +	struct crypto_aead *tfm = aeadc->aead;
+ +	struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
+ +	unsigned int i, as = crypto_aead_authsize(tfm);
+++=======
++ 	struct crypto_aead *tfm = pask->private;
++ 	unsigned int as = crypto_aead_authsize(tfm);
++ 	unsigned int ivsize = crypto_aead_ivsize(tfm);
+++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests)
+  	struct af_alg_async_req *areq;
+ +	struct af_alg_tsgl *tsgl, *tmp;
+  	struct scatterlist *rsgl_src, *tsgl_src = NULL;
++ 	void *iv;
+  	int err = 0;
+  	size_t used = 0;		/* [in]  TX bufs to be en/decrypted */
+  	size_t outlen = 0;		/* [out] RX bufs produced by kernel */
+@@@ -212,75 -189,11 +223,80 @@@
+  	/* Use the RX SGL as source (and destination) for crypto op. */
+  	rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
+
+ -	memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);
+ +	if (ctx->enc) {
+ +		/*
+ +		 * Encryption operation - The in-place cipher operation is
+ +		 * achieved by the following operation:
+ +		 *
+ +		 * TX SGL: AAD || PT
+ +		 *	    |	   |
+ +		 *	    | copy |
+ +		 *	    v	   v
+ +		 * RX SGL: AAD || PT || Tag
+ +		 */
+ +		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+ +					   areq->first_rsgl.sgl.sgt.sgl,
+ +					   processed);
+ +		if (err)
+ +			goto free;
+ +		af_alg_pull_tsgl(sk, processed, NULL, 0);
+ +	} else {
+ +		/*
+ +		 * Decryption operation - To achieve an in-place cipher
+ +		 * operation, the following  SGL structure is used:
+ +		 *
+ +		 * TX SGL: AAD || CT || Tag
+ +		 *	    |	   |	 ^
+ +		 *	    | copy |	 | Create SGL link.
+ +		 *	    v	   v	 |
+ +		 * RX SGL: AAD || CT ----+
+ +		 */
+ +
+ +		 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
+ +		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+ +					   areq->first_rsgl.sgl.sgt.sgl,
+ +					   outlen);
+ +		if (err)
+ +			goto free;
+ +
+ +		/* Create TX SGL for tag and chain it to RX SGL. */
+ +		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
+ +						       processed - as);
+ +		if (!areq->tsgl_entries)
+ +			areq->tsgl_entries = 1;
+ +		areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
+ +							 areq->tsgl_entries),
+ +					  GFP_KERNEL);
+ +		if (!areq->tsgl) {
+ +			err = -ENOMEM;
+ +			goto free;
+ +		}
+ +		sg_init_table(areq->tsgl, areq->tsgl_entries);
+ +
+ +		/* Release TX SGL, except for tag data and reassign tag data. */
+ +		af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
+ +
+ +		/* chain the areq TX SGL holding the tag with RX SGL */
+ +		if (usedpages) {
+ +			/* RX SGL present */
+ +			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
+ +			struct scatterlist *sg = sgl_prev->sgt.sgl;
+ +
+ +			sg_unmark_end(sg + sgl_prev->sgt.nents - 1);
+ +			sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);
+ +		} else
+ +			/* no RX SGL present (e.g. authentication only) */
+ +			rsgl_src = areq->tsgl;
+ +	}
+
+  	/* Initialize the crypto operation */
+++<<<<<<< HEAD
+ +	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
+ +			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
+++=======
++ 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
++ 			       areq->first_rsgl.sgl.sgt.sgl, used, iv);
+++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests)
+  	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
+  	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
+
+* Unmerged path crypto/algif_aead.c