[kernel] r22511 - in dists/sid/linux/debian: . patches patches/bugfix/all patches/bugfix/x86

Ben Hutchings benh at moszumanska.debian.org
Wed Apr 15 18:06:36 UTC 2015 

Author: benh
Date: Wed Apr 15 18:06:36 2015
New Revision: 22511

Log:
Add two security fixes

Added:
   dists/sid/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch
   dists/sid/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
Modified:
   dists/sid/linux/debian/changelog
   dists/sid/linux/debian/patches/series

Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog	Wed Apr 15 18:03:25 2015	(r22510)
+++ dists/sid/linux/debian/changelog	Wed Apr 15 18:06:36 2015	(r22511)
@@ -1,3 +1,10 @@
+linux (3.16.7-ckt9-3) UNRELEASED; urgency=medium
+
+  * [x86] crypto: aesni - fix memory usage in GCM decryption (Closes: #782561)
+  * tcp: Fix crash in TCP Fast Open (Closes: #782515)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Wed, 15 Apr 2015 17:17:13 +0100
+
 linux (3.16.7-ckt9-2) unstable; urgency=medium
 
   * btrfs: simplify insert_orphan_item (Closes: #782362)

Added: dists/sid/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch	Wed Apr 15 18:06:36 2015	(r22511)
@@ -0,0 +1,39 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Wed, 15 Apr 2015 17:26:54 +0100
+Subject: tcp: Fix crash in TCP Fast Open
+Bug-Debian: https://bugs.debian.org/782515
+Forwarded: http://mid.gmane.org/1429120832.3211.91.camel@decadent.org.uk
+
+Commit 355a901e6cf1 ("tcp: make connect() mem charging friendly")
+changed tcp_send_syn_data() to perform an open-coded copy of the 'syn'
+skb rather than using skb_copy_expand().
+
+The open-coded copy does not cover the skb_shared_info::gso_segs
+field, so in the new skb it is left set to 0.  When this commit was
+backported into stable branches between 3.10.y and 3.16.7-ckty
+inclusive, it triggered the BUG() in tcp_transmit_skb().
+
+Since Linux 3.18 the GSO segment count is kept in the
+tcp_skb_cb::tcp_gso_segs field and tcp_send_syn_data() does copy the
+tcp_skb_cb structure to the new skb, so mainline and newer stable
+branches are not affected.
+
+Set skb_shared_info::gso_segs to the correct value of 1.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ net/ipv4/tcp_output.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
+index d5457e4..1ea0a07 100644
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -2992,6 +2992,7 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
+ 		goto fallback;
+ 	syn_data->ip_summed = CHECKSUM_PARTIAL;
+ 	memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
++	skb_shinfo(syn_data)->gso_segs = 1;
+ 	if (unlikely(memcpy_fromiovecend(skb_put(syn_data, space),
+ 					 fo->data->msg_iov, 0, space))) {
+ 		kfree_skb(syn_data);

Added: dists/sid/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch	Wed Apr 15 18:06:36 2015	(r22511)
@@ -0,0 +1,63 @@
+From: Stephan Mueller <smueller at chronox.de>
+Date: Thu, 12 Mar 2015 09:17:51 +0100
+Subject: crypto: aesni - fix memory usage in GCM decryption
+Origin: https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
+Bug-Debian: https://bugs.debian.org/782561
+
+The kernel crypto API logic requires the caller to provide the
+length of (ciphertext || authentication tag) as cryptlen for the
+AEAD decryption operation. Thus, the cipher implementation must
+calculate the size of the plaintext output itself and cannot simply use
+cryptlen.
+
+The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
+in req->dst. As the destination buffer for decryption only needs to hold
+the plaintext memory but cryptlen references the input buffer holding
+(ciphertext || authentication tag), the assumption of the destination
+buffer length in RFC4106 GCM operation leads to a too large size. This
+patch simply uses the already calculated plaintext size.
+
+In addition, this patch fixes the offset calculation of the AAD buffer
+pointer: as mentioned before, cryptlen already includes the size of the
+tag. Thus, the tag does not need to be added. With the addition, the AAD
+will be written beyond the already allocated buffer.
+
+Note, this fixes a kernel crash that can be triggered from user space
+via AF_ALG(aead) -- simply use the libkcapi test application
+from [1] and update it to use rfc4106-gcm-aes.
+
+Using [1], the changes were tested using CAVS vectors to demonstrate
+that the crypto operation still delivers the right results.
+
+[1] http://www.chronox.de/libkcapi.html
+
+CC: Tadeusz Struk <tadeusz.struk at intel.com>
+Cc: stable at vger.kernel.org
+Signed-off-by: Stephan Mueller <smueller at chronox.de>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ arch/x86/crypto/aesni-intel_glue.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 6dfb7d0..6d4faba 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -1109,7 +1109,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ 		src = kmalloc(req->cryptlen + req->assoclen, GFP_ATOMIC);
+ 		if (!src)
+ 			return -ENOMEM;
+-		assoc = (src + req->cryptlen + auth_tag_len);
++		assoc = (src + req->cryptlen);
+ 		scatterwalk_map_and_copy(src, req->src, 0, req->cryptlen, 0);
+ 		scatterwalk_map_and_copy(assoc, req->assoc, 0,
+ 			req->assoclen, 0);
+@@ -1134,7 +1134,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ 		scatterwalk_done(&src_sg_walk, 0, 0);
+ 		scatterwalk_done(&assoc_sg_walk, 0, 0);
+ 	} else {
+-		scatterwalk_map_and_copy(dst, req->dst, 0, req->cryptlen, 1);
++		scatterwalk_map_and_copy(dst, req->dst, 0, tempCipherLen, 1);
+ 		kfree(src);
+ 	}
+ 	return retval;

Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series	Wed Apr 15 18:03:25 2015	(r22510)
+++ dists/sid/linux/debian/patches/series	Wed Apr 15 18:06:36 2015	(r22511)
@@ -578,3 +578,6 @@
 debian/procfs-avoid-abi-change-in-3.16.7-ckt8.patch
 
 bugfix/all/btrfs-simplify-insert_orphan_item.patch
+
+bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
+bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch

More information about the Kernel-svn-changes mailing list