From 5c2ab4e801af208f640dc06a07e6a55cca2c1d74 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes"
Date: Tue, 9 Jul 2019 13:27:52 -0500
Subject: Linux v5.2.0
---
...x-unaligned-memory-access-in-ghash_setkey.patch | 142 +++++++++++++++++++++
1 file changed, 142 insertions(+)
create mode 100644 crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch
(limited to 'crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch')
diff --git a/crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch b/crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch
new file mode 100644
index 000000000..f0de198b4
--- /dev/null
+++ b/crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch
@@ -0,0 +1,142 @@
+From patchwork Thu May 30 17:50:39 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Eric Biggers
+X-Patchwork-Id: 10969147
+Return-Path:
+
+Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
+ [172.30.200.125])
+ by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 39D0814C0
+ for ;
+ Thu, 30 May 2019 17:51:56 +0000 (UTC)
+Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
+ by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 28A9728C00
+ for ;
+ Thu, 30 May 2019 17:51:56 +0000 (UTC)
+Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
+ id 1C78028C0A; Thu, 30 May 2019 17:51:56 +0000 (UTC)
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ pdx-wl-mail.web.codeaurora.org
+X-Spam-Level:
+X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
+Received: from bombadil.infradead.org (bombadil.infradead.org
+ [198.137.202.133])
+ (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
+ (No client certificate requested)
+ by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B197628C0C
+ for ;
+ Thu, 30 May 2019 17:51:55 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
+ d=lists.infradead.org; s=bombadil.20170209; h=Sender:
+ Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
+ List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To
+ :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
+ Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
+ List-Owner; bh=CNSxoFvnqNOKLw5IF2bRVNsbx0OBmDMrD3iLmG0w6/0=; b=Ut1/1rp209fwMB
+ BGNwLQoUhOy0VzSHRlu9bynYddVY64Hme75tVBdecGOwpejga50uQ/qqonHcT3zY9UNHPxqnWJkCc
+ +cCFO73krVE6DPfSoeSSgYyEFxj1vKbrqvaZEmJMf63dXY+kDQQUFaKrXemNEwe1w4IGhfvH0kdPX
+ P5qiWS+vtPES3xiX9Ib4CoHYfZK1PK15mpoa3UdxsDUDCbWh0JB6PDhA8Z4hyKk05QDdHyeZ0IW/m
+ Y+xI4v4HT4nNquQDAZ6pcvD5eo3z+F7JrIWxliKzK4tpbnuufutuh1uEgZE8xkY4nKNPN8oefkcuK
+ ItWkVJ8LzibR3g7ToZcg==;
+Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
+ by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
+ id 1hWPDQ-0000dL-32; Thu, 30 May 2019 17:51:48 +0000
+Received: from mail.kernel.org ([198.145.29.99])
+ by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
+ id 1hWPDN-0000d1-N0
+ for linux-arm-kernel@lists.infradead.org; Thu, 30 May 2019 17:51:46 +0000
+Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown
+ [104.132.1.77])
+ (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
+ (No client certificate requested)
+ by mail.kernel.org (Postfix) with ESMTPSA id 298D925EBD;
+ Thu, 30 May 2019 17:51:45 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
+ s=default; t=1559238705;
+ bh=i3XOSxLt0gd25Lvgu66PwiGPL7WdnuFqSIPbfSPRNvs=;
+ h=From:To:Cc:Subject:Date:From;
+ b=rdLpfIoVgc/waPa/9jjiNG++x8Ie13iqFnrqFxGMBVvq5z5bOtk5kqjgmoUd9EqNh
+ xaTAvep02q+Ww1Bxy9imO7Z98/KYj5jqMwhBXRwW10U8QdMwnmPyXc4nz19bRSP2XJ
+ Xaix7O+I2Qi5LiV+n1IAEWeN19gjYBYLSopFY8Cw=
+From: Eric Biggers
+To: linux-crypto@vger.kernel.org
+Subject: [PATCH] crypto: ghash - fix unaligned memory access in ghash_setkey()
+Date: Thu, 30 May 2019 10:50:39 -0700
+Message-Id: <20190530175039.195574-1-ebiggers@kernel.org>
+X-Mailer: git-send-email 2.22.0.rc1.257.g3120a18244-goog
+MIME-Version: 1.0
+X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
+X-CRM114-CacheID: sfid-20190530_105145_765710_080A4ED4
+X-CRM114-Status: GOOD ( 12.92 )
+X-BeenThere: linux-arm-kernel@lists.infradead.org
+X-Mailman-Version: 2.1.21
+Precedence: list
+List-Id:
+List-Unsubscribe:
+ ,
+
+List-Archive:
+List-Post:
+List-Help:
+List-Subscribe:
+ ,
+
+Cc: stable@vger.kernel.org, Peter Robinson ,
+ linux-arm-kernel@lists.infradead.org
+Content-Type: text/plain; charset="us-ascii"
+Sender: "linux-arm-kernel"
+Errors-To:
+ linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
+X-Virus-Scanned: ClamAV using ClamSMTP
+
+From: Eric Biggers
+
+Changing ghash_mod_init() to be subsys_initcall made it start running
+before the alignment fault handler has been installed on ARM. In kernel
+builds where the keys in the ghash test vectors happened to be
+misaligned in the kernel image, this exposed the longstanding bug that
+ghash_setkey() is incorrectly casting the key buffer (which can have any
+alignment) to be128 for passing to gf128mul_init_4k_lle().
+
+Fix this by memcpy()ing the key to a temporary buffer.
+
+Don't fix it by setting an alignmask on the algorithm instead because
+that would unnecessarily force alignment of the data too.
+
+Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
+Reported-by: Peter Robinson
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers
+---
+ crypto/ghash-generic.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
+index e6307935413c1..c8a347798eae6 100644
+--- a/crypto/ghash-generic.c
++++ b/crypto/ghash-generic.c
+@@ -34,6 +34,7 @@ static int ghash_setkey(struct crypto_shash *tfm,
+ const u8 *key, unsigned int keylen)
+ {
+ struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
++ be128 k;
+
+ if (keylen != GHASH_BLOCK_SIZE) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+@@ -42,7 +43,12 @@ static int ghash_setkey(struct crypto_shash *tfm,
+
+ if (ctx->gf128)
+ gf128mul_free_4k(ctx->gf128);
+- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
++
++ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
++ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
++ ctx->gf128 = gf128mul_init_4k_lle(&k);
++ memzero_explicit(&k, GHASH_BLOCK_SIZE);
++
+ if (!ctx->gf128)
+ return -ENOMEM;
+
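Review bot: The `memzero_explicit(&k, GHASH_BLOCK_SIZE);` line in the carried patch has no comment, although its purpose is less obvious than that of the commented `memcpy()` beside it: `k` is a stack copy of the caller's GHASH key and would otherwise stay on the stack after ghash_setkey() returns. I would add `/* k is a copy of the hash key; wipe it from the stack */` there, and write both lengths as `sizeof(k)` (`memcpy(&k, key, sizeof(k));`, `memzero_explicit(&k, sizeof(k));`) so each length is tied to the destination object instead of depending on the `BUILD_BUG_ON` alone. ghash_setkey() begins before the first inner hunk and continues past the second, so nothing after the `-ENOMEM` return can be checked from here. Separately, the packaged file is the raw patchwork mail with its transport headers and names no upstream commit; recording that id once the fix is merged, if it is not already, would make the patch easier to drop on a later rebase.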
-- cgit