From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Uan+=RX=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,
	SIGNED_OFF_BY,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6C3A6C4360F
	for <stable@archiver.kernel.org>; Wed, 20 Mar 2019 16:19:09 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 3B5BD2183E
	for <stable@archiver.kernel.org>; Wed, 20 Mar 2019 16:19:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1553098749;
	bh=07jh9efo2HLUvmGF1JeszoMD7/jPa41SGp4EFjuNEgA=;
	h=Subject:To:Cc:From:Date:List-ID:From;
	b=oE8bKtSjpqiOL7fcm3c2L+8K0pmp9u5o1fnnO+MxZ5lhLZ0D4VjZncF6YiqR4WXuN
	 Mkdhqm2tGElxJWgEDfIExBtC2gZ7IQLKialsbu222w2PCDliNYA2XVadt8OSmrpY3C
	 O0KNey8x805lt4F6OtBfmJRUjl+9BrWoPsHlOntg=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727252AbfCTQTH (ORCPT <rfc822;stable@archiver.kernel.org>);
        Wed, 20 Mar 2019 12:19:07 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:46735 "EHLO
        out5-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726739AbfCTQTH (ORCPT
        <rfc822;stable@vger.kernel.org>); Wed, 20 Mar 2019 12:19:07 -0400
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
        by mailout.nyi.internal (Postfix) with ESMTP id 0D1B82225B;
        Wed, 20 Mar 2019 12:19:07 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute6.internal (MEProxy); Wed, 20 Mar 2019 12:19:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:content-transfer-encoding:content-type
        :date:from:message-id:mime-version:subject:to:x-me-proxy
        :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=oJUuu8
        2Z5ZYl9AUWufK7Hw1IBAUZb2hUT4u1kl+uW/8=; b=wQ8QHNu3xGfAUymBvsl3Y+
        VePqXb6aYvfvn7cfY8yPJZiG0r5uruqKASVuhocUldPd8KoAb0MBS0NeNrQlaz9I
        IedmeteC8Tbh262Z/VhWrr6Pg0KHdhKEJWYWYEsyf+lta1sF/E7dnomqVKwdkJPZ
        vuUCnYWRj4vZdTSdvYRPqtQkqqCdGcMM5YzkkUn4l2+XEDHpYNHV0frAA9jVHutE
        ZwCDFwg4P+HrkA/JTwz5sOW2cH6uJs1ux16kla5CEsGGVVTRdFACxrqxMT/ICqco
        95Lj3FNpJFZ2S9LzIOQWblSp19RSU2Lz81nXvxuA/3fY/S6rsufPlBtjlPp+bH5w
        ==
X-ME-Sender: <xms:-WeSXOGiDu5CtcBjaBSSXtWBzSwOHqz006GIcmU2dXymcTBrlYiEJA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrieeigdekjecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhepuffvhfffkfggtgfgsehtkeertddttd
    flnecuhfhrohhmpeeoghhrvghgkhhhsehlihhnuhigfhhouhhnuggrthhiohhnrdhorhhg
    qeenucfkphepkeefrdekiedrkeelrddutdejnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
    hgrhgvgheskhhrohgrhhdrtghomhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:-WeSXKuePObw1DpOw3knUU2dO0k8_ddx0Hxyv-Q7e-Kf4VoOlBXrrQ>
    <xmx:-WeSXBg3sjoY6rg9aagS6JCO2grfNyY-ru3BMBz6NNeHjxah6Ktt1Q>
    <xmx:-WeSXP1M7CgsU80uEDDlQNtQIxr8gHL8mf2lrD28IZb3mH-NM7SF7w>
    <xmx:-2eSXFx8i9i67ogs2ormGhBk1fvzJvW98Ak-mWaSNr0IVPcoca-6pQ>
Received: from localhost (5356596b.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        by mail.messagingengine.com (Postfix) with ESMTPA id 4C959100E5;
        Wed, 20 Mar 2019 12:19:05 -0400 (EDT)
Subject: FAILED: patch "[PATCH] crypto: pcbc - remove bogus memcpy()s with src == dest" failed to apply to 4.14-stable tree
To:     ebiggers@google.com, dhowells@redhat.com,
        herbert@gondor.apana.org.au, stable@vger.kernel.org
Cc:     <stable@vger.kernel.org>
From:   <gregkh@linuxfoundation.org>
Date:   Wed, 20 Mar 2019 17:19:03 +0100
Message-ID: <15530987438372@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org


The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Thu, 3 Jan 2019 20:16:13 -0800
Subject: [PATCH] crypto: pcbc - remove bogus memcpy()s with src == dest

The memcpy()s in the PCBC implementation use walk->iv as both the source
and destination, which has undefined behavior.  These memcpy()'s are
actually unneeded, because walk->iv is already used to hold the previous
plaintext block XOR'd with the previous ciphertext block.  Thus,
walk->iv is already updated to its final value.

So remove the broken and unnecessary memcpy()s.

Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template")
Cc: <stable@vger.kernel.org> # v2.6.21+
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/pcbc.c b/crypto/pcbc.c
index 8aa10144407c..1b182dfedc94 100644
--- a/crypto/pcbc.c
+++ b/crypto/pcbc.c
@@ -51,7 +51,7 @@ static int crypto_pcbc_encrypt_segment(struct skcipher_request *req,
 	unsigned int nbytes = walk->nbytes;
 	u8 *src = walk->src.virt.addr;
 	u8 *dst = walk->dst.virt.addr;
-	u8 *iv = walk->iv;
+	u8 * const iv = walk->iv;
 
 	do {
 		crypto_xor(iv, src, bsize);
@@ -72,7 +72,7 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req,
 	int bsize = crypto_cipher_blocksize(tfm);
 	unsigned int nbytes = walk->nbytes;
 	u8 *src = walk->src.virt.addr;
-	u8 *iv = walk->iv;
+	u8 * const iv = walk->iv;
 	u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
 
 	do {
@@ -84,8 +84,6 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req,
 		src += bsize;
 	} while ((nbytes -= bsize) >= bsize);
 
-	memcpy(walk->iv, iv, bsize);
-
 	return nbytes;
 }
 
@@ -121,7 +119,7 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req,
 	unsigned int nbytes = walk->nbytes;
 	u8 *src = walk->src.virt.addr;
 	u8 *dst = walk->dst.virt.addr;
-	u8 *iv = walk->iv;
+	u8 * const iv = walk->iv;
 
 	do {
 		crypto_cipher_decrypt_one(tfm, dst, src);
@@ -132,8 +130,6 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req,
 		dst += bsize;
 	} while ((nbytes -= bsize) >= bsize);
 
-	memcpy(walk->iv, iv, bsize);
-
 	return nbytes;
 }
 
@@ -144,7 +140,7 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req,
 	int bsize = crypto_cipher_blocksize(tfm);
 	unsigned int nbytes = walk->nbytes;
 	u8 *src = walk->src.virt.addr;
-	u8 *iv = walk->iv;
+	u8 * const iv = walk->iv;
 	u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
 
 	do {
@@ -156,8 +152,6 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req,
 		src += bsize;
 	} while ((nbytes -= bsize) >= bsize);
 
-	memcpy(walk->iv, iv, bsize);
-
 	return nbytes;
 }