From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: FAILED: patch "[PATCH] lib/crypto: mpi: Fix integer underflow in" failed to apply to 5.15-stable tree
To: lukas@wunner.de,ebiggers@kernel.org,ignat@linux.win,jarkko@kernel.org,yimingqian591@gmail.com
Date: Tue, 12 May 2026 16:01:24 +0200
Message-ID: <2026051224-ragweed-stash-2914@gregkh>
X-Mailing-List: stable@vger.kernel.org

The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to .

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 8c2f1288250a90a4b5cabed5d888d7e3aeed4035
#
git commit -s
git send-email --to '' --in-reply-to '2026051224-ragweed-stash-2914@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..

Possible dependencies:

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 8c2f1288250a90a4b5cabed5d888d7e3aeed4035 Mon Sep 17 00:00:00 2001
From: Lukas Wunner
Date: Sun, 12 Apr 2026 16:19:47 +0200
Subject: [PATCH] lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

Yiming reports an integer underflow in mpi_read_raw_from_sgl() when
subtracting "lzeros" from the unsigned "nbytes".

For this to happen, the scatterlist "sgl" needs to occupy more bytes
than the "nbytes" parameter and the first "nbytes + 1" bytes of the
scatterlist must be zero.  Under these conditions, the while loop
iterating over the scatterlist will count more zeroes than "nbytes",
subtract the number of zeroes from "nbytes" and cause the underflow.

When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally
introduced the bug, it couldn't be triggered because all callers of
mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to
"nbytes".

However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto
interface without scatterlists"), the underflow can now actually be
triggered.  When invoking a KEYCTL_PKEY_ENCRYPT system call with a
larger "out_len" than "in_len" and filling the "in" buffer with zeroes,
crypto_akcipher_sync_prep() will create an all-zero scatterlist used for
both the "src" and "dst" member of struct akcipher_request and thereby
fulfil the conditions to trigger the bug:

  sys_keyctl()
  keyctl_pkey_e_d_s()
  asymmetric_key_eds_op()
  software_key_eds_op()
  crypto_akcipher_sync_encrypt()
  crypto_akcipher_sync_prep()
  crypto_akcipher_encrypt()
  rsa_enc()
  mpi_read_raw_from_sgl()

To the user this will be visible as a DoS as the kernel spins forever,
causing soft lockup splats as a side effect.  Fix it.

Reported-by: Yiming Qian # off-list
Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Lukas Wunner
Cc: stable@vger.kernel.org # v4.4+
Reviewed-by: Ignat Korchagin
Reviewed-by: Jarkko Sakkinen
Link: https://lore.kernel.org/r/59eca92ff4f87e2081777f1423a0efaaadcfdb39.1776003111.git.lukas@wunner.de
Signed-off-by: Eric Biggers

diff --git a/lib/crypto/mpi/mpicoder.c b/lib/crypto/mpi/mpicoder.c index bf716a03c704..9359a58c29ec 100644 --- a/lib/crypto/mpi/mpicoder.c +++ b/lib/crypto/mpi/mpicoder.c @@ -347,7 +347,7 @@ MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int nbytes) lzeros = 0; len = 0; while (nbytes > 0) { - while (len && !*buff) { + while (len && !*buff && lzeros < nbytes) { lzeros++; len--; buff++;
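
Review bot: The new bound "lzeros < nbytes" in the inner "while" condition carries an invariant that the code itself does not state: nothing in the visible lines says the scatterlist can hold more bytes than "nbytes". A short comment above the inner loop, noting that "sgl" may be longer than "nbytes" and that the zero count must stop at "nbytes" so the later subtraction from the unsigned "nbytes" cannot wrap, would keep a future cleanup from dropping the check as redundant. With the bound in place an all-zero input can leave "lzeros" equal to "nbytes", so it is also worth confirming that the code after this hunk handles a zero-length remainder.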
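
The underflow the commit message describes, as an added userspace model (not kernel code and not part of the original mail). It assumes a flat byte array in place of the scatterlist; model_remaining() and the sample inputs are hypothetical names and constructed data. It shows only the wrapped subtraction, not the resulting lockup.

```c
/* Added illustration: userspace model, not kernel code. A flat byte array
 * stands in for the scatterlist; model_remaining() is a hypothetical name. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Strip leading zeros from an input that holds "len" bytes, of which the
 * caller asked to parse "nbytes". With bounded == 0 the zero count is
 * limited only by "len" (pre-fix condition: len && !*buff); with
 * bounded != 0 it also stops at "nbytes" (the patched condition).
 * Returns the unsigned result of nbytes - lzeros. */
unsigned int model_remaining(const unsigned char *buff, size_t len,
			     unsigned int nbytes, int bounded)
{
	unsigned int lzeros = 0;

	while (len && !*buff && (!bounded || lzeros < nbytes)) {
		lzeros++;
		len--;
		buff++;
	}
	return nbytes - lzeros;	/* wraps modulo UINT_MAX + 1 if lzeros > nbytes */
}

int main(void)
{
	/* Constructed inputs. */
	static const unsigned char zeros[8] = { 0 };
	static const unsigned char key[8] = { 0, 0, 0x12, 0x34, 0, 0, 0, 0 };

	/* Input exactly nbytes long (callers before 63ba4d67594a): no wrap. */
	printf("len == nbytes, unbounded: %u\n", model_remaining(zeros, 4, 4, 0));
	/* Input longer than nbytes and zero past it: the subtraction wraps. */
	printf("len >  nbytes, unbounded: %u (UINT_MAX is %u)\n",
	       model_remaining(zeros, 8, 4, 0), UINT_MAX);
	/* Same input with the patched bound: the count stops at nbytes. */
	printf("len >  nbytes, bounded:   %u\n", model_remaining(zeros, 8, 4, 1));
	/* Non-zero byte inside nbytes: both variants agree. */
	printf("ordinary value:           %u / %u\n",
	       model_remaining(key, 8, 4, 0), model_remaining(key, 8, 4, 1));
	return 0;
}
```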