similar to: Patch "crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()" has been added to the 5.7-stable tree

This is a note to let you know that I've just added the patch titled crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() to the 5.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is:

From: Longpeng(Mike) <longpeng2 at huawei.com> commit d90ca42012db2863a9a30b564a2ace6016594bda upstream. The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at then

From: Longpeng(Mike) <longpeng2 at huawei.com> commit d90ca42012db2863a9a30b564a2ace6016594bda upstream. The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at then

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit d90ca42012db2863a9a30b564a2ace6016594bda ] The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit d90ca42012db2863a9a30b564a2ace6016594bda ] The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit d90ca42012db2863a9a30b564a2ace6016594bda ] The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at

This is a note to let you know that I've just added the patch titled crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() to the 5.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is:

From: Longpeng(Mike) <longpeng2 at huawei.com> commit b02989f37fc5e865ceeee9070907e4493b3a21e2 upstream. The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it by

This is a note to let you know that I've just added the patch titled crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() to the 5.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is:

From: Longpeng(Mike) <longpeng2 at huawei.com> commit b02989f37fc5e865ceeee9070907e4493b3a21e2 upstream. The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it by

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit b02989f37fc5e865ceeee9070907e4493b3a21e2 ] The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit b02989f37fc5e865ceeee9070907e4493b3a21e2 ] The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it

From: Longpeng(Mike) <longpeng2 at huawei.com> [ Upstream commit b02989f37fc5e865ceeee9070907e4493b3a21e2 ] The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it

This is a note to let you know that I've just added the patch titled crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() to the 5.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: crypto-virtio-fix-use-after-free-in-virtio_crypto_skcipher_finalize_req.patch

This is a note to let you know that I've just added the patch titled crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() to the 5.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: crypto-virtio-fix-use-after-free-in-virtio_crypto_skcipher_finalize_req.patch

On 2020/5/25 ??8:56, Longpeng(Mike) wrote: > The system will crash when we insmod crypto/tcrypt.ko whit mode=38. > > Usually the next entry of one sg will be @sg@ + 1, but if this sg element > is part of a chained scatterlist, it could jump to the start of a new > scatterlist array. Let's fix it by sg_next() on calculation of src/dst > scatterlist. > > BTW I add a check

From: Longpeng(Mike) <longpeng2 at huawei.com> commit 8c855f0720ff006d75d0a2512c7f6c4f60ff60ee upstream. The system'll crash when the users insmod crypto/tcrypto.ko with mode=155 ( testing "authenc(hmac(sha1),cbc(aes))" ). It's caused by reuse the memory of request structure. In crypto_authenc_init_tfm(), the reqsize is set to: [PART 1] sizeof(authenc_request_ctx) +

From: Longpeng(Mike) <longpeng2 at huawei.com> commit 8c855f0720ff006d75d0a2512c7f6c4f60ff60ee upstream. The system'll crash when the users insmod crypto/tcrypto.ko with mode=155 ( testing "authenc(hmac(sha1),cbc(aes))" ). It's caused by reuse the memory of request structure. In crypto_authenc_init_tfm(), the reqsize is set to: [PART 1] sizeof(authenc_request_ctx) +

> -----Original Message----- > From: Longpeng (Mike, Cloud Infrastructure Service Product Dept.) > Sent: Tuesday, May 26, 2020 11:20 AM > To: linux-crypto at vger.kernel.org > Cc: Longpeng (Mike, Cloud Infrastructure Service Product Dept.) > <longpeng2 at huawei.com>; LABBE Corentin <clabbe at baylibre.com>; Gonglei > (Arei) <arei.gonglei at huawei.com>;

Hi [This is an automated email] This commit has been processed because it contains a "Fixes:" tag fixing commit: dbaf0624ffa5 ("crypto: add virtio-crypto driver"). The bot has tested the following trees: v5.6.15, v5.4.43, v4.19.125, v4.14.182. v5.6.15: Build OK! v5.4.43: Build failed! Errors: drivers/crypto/virtio/virtio_crypto_algs.c:408:35: error: ???struct