Eric Lee / smarc-fsl-linux-kernel

05 Jul, 2019

1 commit

03 Jul, 2019

1 commit

  • c8ea9fce2   lib/mpi: Fix karactx leak in mpi_powm ... Browse Code »

    Sometimes mpi_powm will leak karactx because a memory allocation
    failure causes a bail-out that skips the freeing of karactx. This
    patch moves the freeing of karactx to the end of the function like
    everything else so that it can't be skipped.

    Reported-by: syzbot+f7baccc38dcc1e094e77@syzkaller.appspotmail.com
    Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files...")
    Cc:
    Signed-off-by: Herbert Xu
    Reviewed-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Herbert Xu
     

24 May, 2019

1 commit

  • 465ae8369   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 26 ... Browse Code »

    Based on 1 normalized pattern(s):

    gnupg is free software you can redistribute it and or modify it
    under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version gnupg is distributed in the hope that
    it will be useful but without any warranty without even the implied
    warranty of merchantability or fitness for a particular purpose see
    the gnu general public license for more details you should have
    received a copy of the gnu general public license along with this
    program if not write to the free software foundation inc 59 temple
    place suite 330 boston ma 02111 1307 usa note this code is heavily
    based on the gnu mp library actually it s the same code with only
    minor changes in the way the data is stored this is to support the
    abstraction of an optional secure memory allocation which may be
    used to avoid revealing of sensitive data due to paging etc the gnu
    mp library itself is published under the lgpl however i decided to
    publish this code under the plain gpl

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 14 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Reviewed-by: Kate Stewart
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190520170856.639982569@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

07 Aug, 2018

1 commit

10 Nov, 2017

1 commit

  • 1d9ddde12   lib/mpi: call cond_resched() from mpi_powm() loop ... Browse Code »

    On a non-preemptible kernel, if KEYCTL_DH_COMPUTE is called with the
    largest permitted inputs (16384 bits), the kernel spends 10+ seconds
    doing modular exponentiation in mpi_powm() without rescheduling. If all
    threads do it, it locks up the system. Moreover, it can cause
    rcu_sched-stall warnings.

    Notwithstanding the insanity of doing this calculation in kernel mode
    rather than in userspace, fix it by calling cond_resched() as each bit
    from the exponent is processed. It's still noninterruptible, but at
    least it's preemptible now.

    Do the cond_resched() once per bit rather than once per MPI limb because
    each limb might still easily take 100+ milliseconds on slow CPUs.

    Cc: # v4.12+
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

25 Nov, 2016

1 commit

  • f5527ffff   mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] ... Browse Code »

    This fixes CVE-2016-8650.

    If mpi_powm() is given a zero exponent, it wants to immediately return
    either 1 or 0, depending on the modulus. However, if the result was
    initalised with zero limb space, no limbs space is allocated and a
    NULL-pointer exception ensues.

    Fix this by allocating a minimal amount of limb space for the result when
    the 0-exponent case when the result is 1 and not touching the limb space
    when the result is 0.

    This affects the use of RSA keys and X.509 certificates that carry them.

    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [] mpi_powm+0x32/0x7e6
    PGD 0
    Oops: 0002 [#1] SMP
    Modules linked in:
    CPU: 3 PID: 3014 Comm: keyctl Not tainted 4.9.0-rc6-fscache+ #278
    Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
    task: ffff8804011944c0 task.stack: ffff880401294000
    RIP: 0010:[] [] mpi_powm+0x32/0x7e6
    RSP: 0018:ffff880401297ad8 EFLAGS: 00010212
    RAX: 0000000000000000 RBX: ffff88040868bec0 RCX: ffff88040868bba0
    RDX: ffff88040868b260 RSI: ffff88040868bec0 RDI: ffff88040868bee0
    RBP: ffff880401297ba8 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000047 R11: ffffffff8183b210 R12: 0000000000000000
    R13: ffff8804087c7600 R14: 000000000000001f R15: ffff880401297c50
    FS: 00007f7a7918c700(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000000 CR3: 0000000401250000 CR4: 00000000001406e0
    Stack:
    ffff88040868bec0 0000000000000020 ffff880401297b00 ffffffff81376cd4
    0000000000000100 ffff880401297b10 ffffffff81376d12 ffff880401297b30
    ffffffff81376f37 0000000000000100 0000000000000000 ffff880401297ba8
    Call Trace:
    [] ? __sg_page_iter_next+0x43/0x66
    [] ? sg_miter_get_next_page+0x1b/0x5d
    [] ? sg_miter_next+0x17/0xbd
    [] ? mpi_read_raw_from_sgl+0xf2/0x146
    [] rsa_verify+0x9d/0xee
    [] ? pkcs1pad_sg_set_buf+0x2e/0xbb
    [] pkcs1pad_verify+0xc0/0xe1
    [] public_key_verify_signature+0x1b0/0x228
    [] x509_check_for_self_signed+0xa1/0xc4
    [] x509_cert_parse+0x167/0x1a1
    [] x509_key_preparse+0x21/0x1a1
    [] asymmetric_key_preparse+0x34/0x61
    [] key_create_or_update+0x145/0x399
    [] SyS_add_key+0x154/0x19e
    [] do_syscall_64+0x80/0x191
    [] entry_SYSCALL64_slow_path+0x25/0x25
    Code: 56 41 55 41 54 53 48 81 ec a8 00 00 00 44 8b 71 04 8b 42 04 4c 8b 67 18 45 85 f6 89 45 80 0f 84 b4 06 00 00 85 c0 75 2f 41 ff ce c7 04 24 01 00 00 00 b0 01 75 0b 48 8b 41 18 48 83 38 01 0f
    RIP [] mpi_powm+0x32/0x7e6
    RSP
    CR2: 0000000000000000
    ---[ end trace d82015255d4a5d8d ]---

    Basically, this is a backport of a libgcrypt patch:

    http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526

    Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
    Signed-off-by: Andrey Ryabinin
    Signed-off-by: David Howells
    cc: Dmitry Kasatkin
    cc: linux-ima-devel@lists.sourceforge.net
    cc: stable@vger.kernel.org
    Signed-off-by: James Morris

    Andrey Ryabinin
     

08 Oct, 2012

1 commit

  • aacf29bf1   MPILIB: Provide count_leading/trailing_zeros() based on arch functions ... Browse Code »

    Provide count_leading/trailing_zeros() macros based on extant arch bit scanning
    functions rather than reimplementing from scratch in MPILIB.

    Whilst we're at it, turn count_foo_zeros(n, x) into n = count_foo_zeros(x).

    Also move the definition to asm-generic as other people may be interested in
    using it.

    Signed-off-by: David Howells
    Cc: David S. Miller
    Cc: Dmitry Kasatkin
    Cc: Arnd Bergmann
    Signed-off-by: Rusty Russell

    David Howells
     

01 Feb, 2012

1 commit

09 Nov, 2011

1 commit

  • cdec9cb51   crypto: GnuPG based MPI lib - source files (part 1) ... Browse Code »

    Adds the multi-precision-integer maths library which was originally taken
    from GnuPG and ported to the kernel by (among others) David Howells.
    This version is taken from Fedora kernel 2.6.32-71.14.1.el6.
    The difference is that checkpatch reported errors and warnings have been fixed.

    This library is used to implemenet RSA digital signature verification
    used in IMA/EVM integrity protection subsystem.

    Due to patch size limitation, the patch is divided into 4 parts.

    Signed-off-by: Dmitry Kasatkin

    Dmitry Kasatkin