redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
Fork of reMarkable kernel https://github.com/reMarkable/linux
714,326 Commits
26 Branches
0 Tags
2.7 GiB
C 97.7%
Assembly 1.6%
Makefile 0.3%
Perl 0.1%
 
 
 
 
Go to file
Eric Biggers e7aefb13e6 crypto: vmac - separate tfm and request context 
commit bb29648102 upstream.

syzbot reported a crash in vmac_final() when multiple threads
concurrently use the same "vmac(aes)" transform through AF_ALG.  The bug
is pretty fundamental: the VMAC template doesn't separate per-request
state from per-tfm (per-key) state like the other hash algorithms do,
but rather stores it all in the tfm context.  That's wrong.

Also, vmac_final() incorrectly zeroes most of the state including the
derived keys and cached pseudorandom pad.  Therefore, only the first
VMAC invocation with a given key calculates the correct digest.

Fix these bugs by splitting the per-tfm state from the per-request state
and using the proper init/update/final sequencing for requests.

Reproducer for the crash:

    #include <linux/if_alg.h>
    #include <sys/socket.h>
    #include <unistd.h>

    int main()
    {
            int fd;
            struct sockaddr_alg addr = {
                    .salg_type = "hash",
                    .salg_name = "vmac(aes)",
            };
            char buf[256] = { 0 };

            fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
            bind(fd, (void *)&addr, sizeof(addr));
            setsockopt(fd, SOL_ALG, ALG_SET_KEY, buf, 16);
            fork();
            fd = accept(fd, NULL, NULL);
            for (;;)
                    write(fd, buf, 256);
    }

The immediate cause of the crash is that vmac_ctx_t.partial_size exceeds
VMAC_NHBYTES, causing vmac_final() to memset() a negative length.

Reported-by: syzbot+264bca3a6e8d645550d3@syzkaller.appspotmail.com
Fixes: f1939f7c56 ("crypto: vmac - New hash algorithm for intel_txt support")
Cc: <stable@vger.kernel.org> # v2.6.32+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-08-17 21:01:10 +02:00
Documentation kbuild: verify that $DEPMOD is installed 2018-08-17 21:01:10 +02:00
arch crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() 2018-08-17 21:01:10 +02:00
block block: reset bi_iter.bi_done after splitting bio 2018-08-03 07:50:42 +02:00
certs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crypto crypto: vmac - separate tfm and request context 2018-08-17 21:01:10 +02:00
drivers x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-15 18:12:58 +02:00
firmware License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs fix __legitimize_mnt()/mntput() race 2018-08-15 18:12:48 +02:00
include crypto: vmac - separate tfm and request context 2018-08-17 21:01:10 +02:00
init init: rename and re-order boot_cpu_state_init() 2018-08-15 18:12:48 +02:00
ipc ipc/shm: fix shmat() nil address after round-down when remapping 2018-05-30 07:51:49 +02:00
kernel cpu/hotplug: Non-SMP machines do not make use of booted_once 2018-08-15 18:13:01 +02:00
lib lib/rhashtable: consider param->min_size when setting initial table size 2018-07-25 11:25:09 +02:00
mm x86/speculation/l1tf: Limit swap file size to MAX_PA/2 2018-08-15 18:12:51 +02:00
net netlink: Don't shift on 64 for ngroups 2018-08-09 12:16:38 +02:00
samples samples/bpf: Partially fixes the bpf.o build 2018-04-26 11:02:12 +02:00
scripts kbuild: verify that $DEPMOD is installed 2018-08-17 21:01:10 +02:00
security ima: based on policy verify firmware signatures (pre-allocated buffer) 2018-08-03 07:50:31 +02:00
sound ASoC: topology: Add missing clock gating parameter when parsing hw_configs 2018-08-03 07:50:42 +02:00
tools tools headers: Synchronise x86 cpufeatures.h for L1TF additions 2018-08-15 18:13:01 +02:00
usr initramfs: fix initramfs rebuilds w/ compression after disabling 2017-11-03 07:39:19 -07:00
virt KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. 2018-07-25 11:25:07 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS dt-bindings: Document mti,mips-cpc binding 2018-03-15 10:54:35 +01:00
Makefile Linux 4.14.63 2018-08-15 18:13:02 +02:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.