Re: [PATCH] crypto: x86/sha1 : Fix reads beyond the number of blocks passed

From: Greg KH <gregkh@linuxfoundation.org>
To: Megha Dey <megha.dey@linux.intel.com>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH] crypto: x86/sha1 : Fix reads beyond the number of blocks passed
Date: Mon, 4 Sep 2017 11:34:24 +0200	[thread overview]
Message-ID: <20170904093424.GA14508@kroah.com> (raw)
In-Reply-To: <1504200931.29723.9.camel@megha-Z97X-UD7-TH>

On Thu, Aug 31, 2017 at 10:35:31AM -0700, Megha Dey wrote:
> On Thu, 2017-08-31 at 08:06 +0200, Greg KH wrote:
> > On Thu, Aug 31, 2017 at 08:03:59AM +0200, Greg KH wrote:
> > > On Tue, Aug 29, 2017 at 10:08:31AM -0700, Megha Dey wrote:
> > > > On Tue, 2017-08-22 at 17:47 -0700, Greg KH wrote:
> > > > > On Tue, Aug 22, 2017 at 05:41:03PM -0700, Megha Dey wrote:
> > > > > > It was reported that the sha1 AVX2 function(sha1_transform_avx2) is
> > > > > > reading ahead beyond its intended data, and causing a crash if the next
> > > > > > block is beyond page boundary:
> > > > > > http://marc.info/?l=linux-crypto-vger&m=149373371023377
> > > > > > 
> > > > > > This patch makes sure that there is no overflow for any buffer length.
> > > > > > 
> > > > > > It passes the tests written by Jan Stancek that revealed this problem:
> > > > > > https://github.com/jstancek/sha1-avx2-crash
> > > > > > 
> > > > > > This patch fixes reads beyond the number of blocks in the same way it
> > > > > > was done in commit 8861249c740fc4af9ddc5aee321eafefb960d7c6
> > > > > > ("crypto: x86/sha1 : Fix reads beyond the number of blocks passed").
> > > > > 
> > > > > So all you really want is that specific commit added to the stable
> > > > > kernels?  If so, what kernel tree(s)?
> > > > 
> > > > Hi Greg,
> > > > The commit 8861249c740fc4af9ddc5aee321eafefb960d7c6 present in the
> > > > mainline kernel does not apply cleanly to the stable kernel tree. Hence,
> > > > I have submitted this patch with some minor changes for the stable tree.
> > > > 
> > > > I am not sure what you mean by which kernel trees.
> > > 
> > > There are lots of stable kernel trees being maintained at the moment,
> > > see:
> > > 	https://www.kernel.org/category/releases.html
> > > 
> > > I was asking if any of those are applicable for this patch as well.
> > 
> > Even more confusing, commit 8861249c740fc4af9ddc5aee321eafefb960d7c6 is
> > already in the stable kernel releases.  It showed up in 4.4.84, 4.9.45,
> > and 4.12.9.  You should have gotten notifications about all of these.
> > 
> > So I don't really understand what needs to be done here.
> > 
> > totally confused,
> Hi Greg,
> 
> Sorry for the confusion. 
> 
> I had got an email from you: 
> "The patch below does not apply to the 3.18-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>."
> 
> This new patch applies cleanly on the 3.18 stable kernel unlike commit
> 8861249. So to answer your question, this patch needs to be added to the
> 3.18 stable kernel. 

Ok, but commit 8861249 modifies a lot of files, while your "backport"
does not do that at all.

Again, I still do not know what is going on here, or what exactly you
want.  How about a backport of the original patch, to the 3.18-stable
kernel tree, that is what I think is needed, correct?

thanks,

greg k-h