[UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing

Bug #1832623 reported by bugproxy on 2019-06-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Kernel Team
linux (Ubuntu)
Undecided
Skipper Bug Screeners
Bionic
Medium
Unassigned
Cosmic
Medium
Unassigned
Disco
Medium
Unassigned

Bug Description

SRU Justification:
==================

[Impact]

* Wrong encryption/decryption with gcm-aes-s390 on z14.

* gcm-aes-s390 does not process scatter-gather input and output lists correctly if list entries of sizes being not multiples of the blocksize (16 bytes) are used, which results in wrong calculations.

[Fix]

* bef9f0ba300a55d79a69aa172156072182176515 bef9f0b "s390/crypto: fix gcm-aes-s390 selftest failures"

[Test Case]

* z14 with kernel >= 5.1 needed

* If disabled, enable the crypto self tests.

* Monitor syslog during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it.

* Without the fix a message like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up.

* With the fix, all selftests will pass and nothing is reported in syslog.

[Regression Potential]

* The regression potential can be considered as low since this is purely s390x specific

* affects one mode of the hardware crypto facility CPACF

* and happens only on z14 (since z14 is the only model that currently supports the gcm-aes-s390 mode).

* Applications using aes-gcm via the AF_ALG interface are not affected since this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes.

* Changes are limited to a single s390x crypto file /arch/s390/crypto/aes_s390.c

[Other Info]

* Problem was found during tests at IBM and is a so called 'preventive fix'

* Since this affects z14 only, final test need to be done by IBM.

* Applied cleanly for me on bionic master-next.
__________

Description: kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
Symptom: gcm-aes-s390 wrong en/decryption processing
Problem: The current gcm aes s390 implementation does not process
               scatter-gather input and output lists correct when list
               entries with sizes not multiples of the blocksize of 16
               bytes are used. Result may be wrong calculated encrypted
               or decrypted data.
               This can only happen on z14 (this is the only machine
               which supports aes-gcm in hardware via CPACF). Please note
               that applications using aes-gcm via the AF_ALG interface are
               not affected as this API ensures scatter/gather list entries
               with chunk sizes in multiples of 16 bytes. However, all
               exploiters of aes-gcm within the kernel may be affected.
Solution: Rework of the scatter/gather walk within the aes_s390 kernel
               module implementation with the goal to support any list
               entry size.
Reproduction: With kernel 5.1 there has been an improvement on the crypto
               selftests. There are now tests run with fragmented
               scatter/gather lists. So:
               1. You need at least a z14 and kernel >= 5.1.
               2. If disabled, enable the crypto self tests.
               3. Watch for syslog entries during modprobe of the aes_s390
                  kernel module. As this module usually gets automatically
                  inserted during system startup you may need to unload the
                  aes_s390 kernel module before re-inserting it.
               4. Without the fix something like
                  "kernel: alg: aead: gcm-aes-s390 encryption test failed
                      (wrong result) on test vector 1,..."
                  will show up. With the fix, all selftests will pass and
                  nothing is reported in syslog.

Component: kernel
Upstream-ID: bef9f0ba300a55d79a69aa172156072182176515

This request is targeted for 19.10, but should also be applied to 18.04 and 19.04

bugproxy (bugproxy) on 2019-06-12
tags: added: architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
importance: Undecided → High
Frank Heimes (frank-heimes) wrote :

Commit ID got upstream accepted with kernel v5.2-rc3, so will be automatically part of 19.10, when target kernel 5.2 finally lands in eoan.
Kernel SRU needed for 19.04 and 18.04.

Changed in ubuntu-z-systems:
status: New → Triaged
description: updated
Frank Heimes (frank-heimes) wrote :
Changed in linux (Ubuntu):
status: New → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Stefan Bader (smb) on 2019-06-28
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in linux (Ubuntu Disco):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: New → Fix Committed
Changed in linux (Ubuntu Disco):
status: New → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-disco

------- Comment From <email address hidden> 2019-07-03 08:38 EDT-------
Already verfied upstream by IBM.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
tags: added: verification-needed-bionic

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Frank Heimes (frank-heimes) wrote :

Due to comment #4 (where I got notified by IBM that it should be 'verified upfront' rather than 'upstream', which is a typo) I'm adjusting the tags to verified-done.

tags: added: verification-done-bionic verification-done-cosmic verification-done-disco
removed: verification-needed-bionic verification-needed-cosmic verification-needed-disco
Launchpad Janitor (janitor) wrote :
Download full text (11.2 KiB)

This bug was fixed in the package linux - 4.15.0-55.60

---------------
linux (4.15.0-55.60) bionic; urgency=medium

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)

  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread

  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown

  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero

  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized

  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()

  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off

  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call

  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different

  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures

  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs

  * CVE-2019-11815
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().

  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Frank Heimes (frank-heimes) wrote :

Changing "linux (Ubuntu)" to Fix Released, since the patch got upstream accepted with kernel 5.2 and kernel 5.2 landed in Eoan's release pocket.

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (57.5 KiB)

This bug was fixed in the package linux - 5.0.0-21.22

---------------
linux (5.0.0-21.22) disco; urgency=medium

  * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902)

  * Disco update: 5.0.15 upstream stable release (LP: #1834529)
    - net: stmmac: Use bfsize1 in ndesc_init_rx_desc
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
    - staging: most: cdev: fix chrdev_region leak in mod_exit
    - staging: most: sound: pass correct device when creating a sound card
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC: stm32: sai: fix iec958 controls indexation
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC: stm32: sai: fix race condition in irq handler
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC:hdac_hda:use correct format to setup hda codec
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dpcm: prevent snd_soc_dpcm use after free
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: rt5682: Check JD status when system resume
    - ASoC: rt5682: fix jack type detection issue
    - ASoC: rt5682: recording has no sound after booting
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - clk: meson-gxbb: round the vdec dividers to closest
    - ASoC: stm32: dfsdm: manage multiple prepare
    - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state
    - IB/hfi1: Eliminate opcode tests on mr deref
    - IB/hfi1: Fix the allocation of RSM table
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - iov_iter: Fix build error without CONFIG_CRYPTO
    - xtensa: fix initialization of pt_regs::syscall in start_thread
    - ASoC: rockchip: pdm: fix regmap_ops hang issue
    - drm/amdkfd: Add picasso pci id
    - drm/amdgpu: Adjust IB test timeout for XGMI configuration
    - drm/amdgpu: amdgpu_device_recover_vram always failed if only one node in
      shadow_list
    - drm/amd/display: fix cursor black issue
    - ASoC: cs35l35: Disable regulators on driver removal
    - objtool: Add rewind_stack_do_exit() to the noreturn list
    - slab: fix a crash by reading /proc/slab_allocators
    - drm/sun4i: tcon top: Fix NULL/inv...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
Frank Heimes (frank-heimes) wrote :

Changing the cosmic entry to Invalid since it reached it's EOL on July, 18th 2019 (last week).
With that change the entire ticket is now Fix Released.

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Invalid
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-07-23 02:35 EDT-------
IBM Bugzilla status -> closed, Fix Released for all requested distros

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers