This is a note to let you know that I've just added the patch titled
crypto: af_alg - Work around empty control messages without MSG_MORE
to the 4.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch
and it can be found in the queue-4.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From c195d66a8a75c60515819b101975f38b7ec6577f Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Aug 2020 17:14:36 +1000
Subject: crypto: af_alg - Work around empty control messages without MSG_MORE
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
commit c195d66a8a75c60515819b101975f38b7ec6577f upstream.
The iwd daemon uses libell which sets up the skcipher operation with
two separate control messages. As the first control message is sent
without MSG_MORE, it is interpreted as an empty request.
While libell should be fixed to use MSG_MORE where appropriate, this
patch works around the bug in the kernel so that existing binaries
continue to work.
We will print a warning however.
A separate issue is that the new kernel code no longer allows the
control message to be sent twice within the same request. This
restriction is obviously incompatible with what iwd was doing (first
setting an IV and then sending the real control message). This
patch changes the kernel so that this is explicitly allowed.
Reported-by: Caleb Jorden <caljorden@xxxxxxxxxxx>
Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...")
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
crypto/af_alg.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -21,6 +21,7 @@
#include <linux/module.h>
#include <linux/net.h>
#include <linux/rwsem.h>
+#include <linux/sched.h>
#include <linux/sched/signal.h>
#include <linux/security.h>
@@ -860,9 +861,15 @@ int af_alg_sendmsg(struct socket *sock,
}
lock_sock(sk);
- if (ctx->init && (init || !ctx->more)) {
- err = -EINVAL;
- goto unlock;
+ if (ctx->init && !ctx->more) {
+ if (ctx->used) {
+ err = -EINVAL;
+ goto unlock;
+ }
+
+ pr_info_once(
+ "%s sent an empty control message without MSG_MORE.\n",
+ current->comm);
}
ctx->init = true;
Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are
queue-4.19/crypto-af_alg-fix-regression-on-empty-requests.patch
queue-4.19/crypto-arm-rename-functions-to-avoid-conflict-with-c.patch
queue-4.19/crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch
queue-4.19/crypto-algif_aead-only-wake-up-when-ctx-more-is-zero.patch
queue-4.19/crypto-algif_aead-fix-uninitialized-ctx-init.patch
queue-4.19/crypto-arm-sha-fix-function-cast-warnings.patch
queue-4.19/crypto-af_alg-make-some-functions-static.patch
