diff options
| -rw-r--r-- | ccm-stack.patch | 49 | ||||
| -rw-r--r-- | kernel.spec | 6 |
2 files changed, 55 insertions, 0 deletions
diff --git a/ccm-stack.patch b/ccm-stack.patch new file mode 100644 index 000000000..b4228c5a4 --- /dev/null +++ b/ccm-stack.patch @@ -0,0 +1,49 @@ +From 3b30460c5b0ed762be75a004e924ec3f8711e032 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Date: Mon, 27 Feb 2017 15:30:56 +0000 +Subject: crypto: ccm - move cbcmac input off the stack + +Commit f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") +refactored the CCM driver to allow separate implementations of the +underlying MAC to be provided by a platform. However, in doing so, it +moved some data from the linear region to the stack, which violates the +SG constraints when the stack is virtually mapped. + +So move idata/odata back to the request ctx struct, of which we can +reasonably expect that it has been allocated using kmalloc() et al. + +Reported-by: Johannes Berg <johannes@sipsolutions.net> +Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") +Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Tested-by: Johannes Berg <johannes@sipsolutions.net> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +--- + crypto/ccm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/crypto/ccm.c b/crypto/ccm.c +index 4428488..1ce37ae 100644 +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -45,6 +45,7 @@ struct crypto_rfc4309_req_ctx { + + struct crypto_ccm_req_priv_ctx { + u8 odata[16]; ++ u8 idata[16]; + u8 auth_tag[16]; + u32 flags; + struct scatterlist src[3]; +@@ -183,8 +184,8 @@ static int crypto_ccm_auth(struct aead_request *req, struct scatterlist *plain, + AHASH_REQUEST_ON_STACK(ahreq, ctx->mac); + unsigned int assoclen = req->assoclen; + struct scatterlist sg[3]; +- u8 odata[16]; +- u8 idata[16]; ++ u8 *odata = pctx->odata; ++ u8 *idata = pctx->idata; + int ilen, err; + + /* format control data for input */ +-- +cgit v0.12 + diff --git a/kernel.spec b/kernel.spec index 244394c65..8da3818e5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -593,6 +593,9 @@ Patch509: MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch #CVE-2016-3134 rhbz 1317383 1317384 Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch +#rhbz 1427593 +Patch666: ccm-stack.patch + # END OF PATCH DEFINITIONS %endif @@ -2157,6 +2160,9 @@ fi # # %changelog +* Tue Feb 28 2017 Laura Abbott <labbott@fedoraproject.org> +- Fix for yet another stack variable in crypto (rhbz 1427593) + * Tue Feb 28 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.0-0.rc0.git6.1 - Linux v4.10-10531-g86292b3 |