From fda0a919dfd62c1e2dd73a6f525a019b8cb853fc Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 10 Nov 2014 14:53:33 -0500 Subject: [PATCH] Add patch to fix crypto allocation issues on PAGE_SIZE > 4k --- ...id-excessive-use-of-socket-buffer-in.patch | 34 +++++++++++++++++++ kernel.spec | 7 ++++ 2 files changed, 41 insertions(+) create mode 100644 crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch diff --git a/crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch b/crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch new file mode 100644 index 000000000..a53122ecc --- /dev/null +++ b/crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch @@ -0,0 +1,34 @@ +From 5af4aca31445b5c0a05ef7bf707493c1bff73db5 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Mon, 25 Aug 2014 11:49:54 +0200 +Subject: [PATCH] crypto: algif - avoid excessive use of socket buffer in + skcipher + +On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl() +fails with -ENOMEM no matter what user space actually requested. +This is caused by the fact sock_kmalloc call inside the function tried +to allocate more memory than allowed by the default kernel socket buffer +size (kernel param net.core.optmem_max). + +Signed-off-by: Ondrej Kozina +Signed-off-by: Herbert Xu +--- + crypto/algif_skcipher.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c +index a19c027b29bd..83187f497c7c 100644 +--- a/crypto/algif_skcipher.c ++++ b/crypto/algif_skcipher.c +@@ -49,7 +49,7 @@ struct skcipher_ctx { + struct ablkcipher_request req; + }; + +-#define MAX_SGL_ENTS ((PAGE_SIZE - sizeof(struct skcipher_sg_list)) / \ ++#define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \ + sizeof(struct scatterlist) - 1) + + static inline int skcipher_sndbuf(struct sock *sk) +-- +1.9.3 + diff --git a/kernel.spec b/kernel.spec index 758757561..a61dc8057 100644 --- a/kernel.spec +++ b/kernel.spec @@ -684,6 +684,8 @@ Patch26085: tracing-syscalls-Ignore-numbers-outside-NR_syscalls-.patch #rhbz 1151836 Patch26086: Revert-iwlwifi-mvm-treat-EAPOLs-like-mgmt-frames-wrt.patch +Patch26087: crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch + # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch @@ -1481,6 +1483,8 @@ ApplyPatch tracing-syscalls-Ignore-numbers-outside-NR_syscalls-.patch #rhbz 1151836 ApplyPatch Revert-iwlwifi-mvm-treat-EAPOLs-like-mgmt-frames-wrt.patch +ApplyPatch crypto-algif-avoid-excessive-use-of-socket-buffer-in.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2349,6 +2353,9 @@ fi # ||----w | # || || %changelog +* Mon Nov 10 2014 Josh Boyer +- Add patch to fix crypto allocation issues on PAGE_SIZE > 4k + * Fri Nov 07 2014 Josh Boyer - Fix iwlwifi oops (rhbz 1151836) - CVE-2014-7826 CVE-2014-7825 insufficient syscall number validation in perf and ftrace subsystems (rhbz 1161565 1161572)