[PATCH 0/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH 0/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Seth Forshee
BugLink: http://bugs.launchpad.net/bugs/1794294

SRU Justification

Impact: An incorrect return value check can result in a protected key not
being re-transformed when it became invalid.

Fix: Upstream commit b81126e01a8c6048249955feea46c8217ebefa91.

Regression Potential: This is a trivial patch to an architecture-specific
driver, so there is minimal potential for regression. The patch is also
marked for upstream stable.

---

Ingo Franzki (1):
  s390/crypto: Fix return code checking in cbc_paes_crypt()

 arch/s390/crypto/paes_s390.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Seth Forshee
From: Ingo Franzki <[hidden email]>

BugLink: http://bugs.launchpad.net/bugs/1794294

The return code of cpacf_kmc() is less than the number of
bytes to process in case of an error, not greater.
The crypt routines for the other cipher modes already have
this correctly.

Cc: [hidden email] # v4.11+
Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
Signed-off-by: Ingo Franzki <[hidden email]>
Acked-by: Harald Freudenberger <[hidden email]>
Signed-off-by: Martin Schwidefsky <[hidden email]>
(cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
Signed-off-by: Seth Forshee <[hidden email]>
---
 arch/s390/crypto/paes_s390.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 80b27294c1de..ab9a0ebecc19 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -208,7 +208,7 @@ static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
       walk->dst.virt.addr, walk->src.virt.addr, n);
  if (k)
  ret = blkcipher_walk_done(desc, walk, nbytes - k);
- if (n < k) {
+ if (k < n) {
  if (__cbc_paes_set_key(ctx) != 0)
  return blkcipher_walk_done(desc, walk, -EIO);
  memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
--
2.17.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH 1/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Colin Ian King-2
On 26/09/18 15:37, Seth Forshee wrote:

> From: Ingo Franzki <[hidden email]>
>
> BugLink: http://bugs.launchpad.net/bugs/1794294
>
> The return code of cpacf_kmc() is less than the number of
> bytes to process in case of an error, not greater.
> The crypt routines for the other cipher modes already have
> this correctly.
>
> Cc: [hidden email] # v4.11+
> Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
> Signed-off-by: Ingo Franzki <[hidden email]>
> Acked-by: Harald Freudenberger <[hidden email]>
> Signed-off-by: Martin Schwidefsky <[hidden email]>
> (cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
> Signed-off-by: Seth Forshee <[hidden email]>
> ---
>  arch/s390/crypto/paes_s390.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
> index 80b27294c1de..ab9a0ebecc19 100644
> --- a/arch/s390/crypto/paes_s390.c
> +++ b/arch/s390/crypto/paes_s390.c
> @@ -208,7 +208,7 @@ static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
>        walk->dst.virt.addr, walk->src.virt.addr, n);
>   if (k)
>   ret = blkcipher_walk_done(desc, walk, nbytes - k);
> - if (n < k) {
> + if (k < n) {
>   if (__cbc_paes_set_key(ctx) != 0)
>   return blkcipher_walk_done(desc, walk, -EIO);
>   memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
>

Clean upstream cherry pick. Makes sense.

Acked-by: Colin Ian King <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH 1/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Stefan Bader-2
In reply to this post by Seth Forshee
On 26.09.2018 16:37, Seth Forshee wrote:

> From: Ingo Franzki <[hidden email]>
>
> BugLink: http://bugs.launchpad.net/bugs/1794294
>
> The return code of cpacf_kmc() is less than the number of
> bytes to process in case of an error, not greater.
> The crypt routines for the other cipher modes already have
> this correctly.
>
> Cc: [hidden email] # v4.11+
> Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
> Signed-off-by: Ingo Franzki <[hidden email]>
> Acked-by: Harald Freudenberger <[hidden email]>
> Signed-off-by: Martin Schwidefsky <[hidden email]>
> (cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
> Signed-off-by: Seth Forshee <[hidden email]>
Acked-by: Stefan Bader <[hidden email]>

> ---
>  arch/s390/crypto/paes_s390.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
> index 80b27294c1de..ab9a0ebecc19 100644
> --- a/arch/s390/crypto/paes_s390.c
> +++ b/arch/s390/crypto/paes_s390.c
> @@ -208,7 +208,7 @@ static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
>        walk->dst.virt.addr, walk->src.virt.addr, n);
>   if (k)
>   ret = blkcipher_walk_done(desc, walk, nbytes - k);
> - if (n < k) {
> + if (k < n) {
>   if (__cbc_paes_set_key(ctx) != 0)
>   return blkcipher_walk_done(desc, walk, -EIO);
>   memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

APPLIED: [PATCH 0/1][Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Stefan Bader-2
In reply to this post by Seth Forshee
On 26.09.2018 16:37, Seth Forshee wrote:

> BugLink: http://bugs.launchpad.net/bugs/1794294
>
> SRU Justification
>
> Impact: An incorrect return value check can result in a protected key not
> being re-transformed when it became invalid.
>
> Fix: Upstream commit b81126e01a8c6048249955feea46c8217ebefa91.
>
> Regression Potential: This is a trivial patch to an architecture-specific
> driver, so there is minimal potential for regression. The patch is also
> marked for upstream stable.
>
> ---
>
> Ingo Franzki (1):
>   s390/crypto: Fix return code checking in cbc_paes_crypt()
>
>  arch/s390/crypto/paes_s390.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
>
Applied to bionic/master-next. Thanks.

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment