APPLIED: [SRU][B][C][D][Patch 0/1] s390/crypto: fix gcm-aes-s390 selftest failures (LP: 1832623)

Kleber Souza kleber.souza at canonical.com
Tue Jul 2 08:10:30 UTC 2019 

On 6/18/19 5:57 PM, frank.heimes at canonical.com wrote:
> Buglink: https://bugs.launchpad.net/bugs/1832623
> 
> SRU Justification:
> 
> [Impact]
> 
> * Wrong encryption/decryption with gcm-aes-s390 on z14.
> 
> * gcm-aes-s390 does not process scatter-gather input and output lists correctly if list entries of sizes being not multiples of the blocksize (16 bytes) are used, which results in wrong calculations.
> 
> [Fix]
> 
> * bef9f0ba300a55d79a69aa172156072182176515 bef9f0b "s390/crypto: fix gcm-aes-s390 selftest failures"
> 
> [Test Case]
> 
> * z14 with kernel >= 5.1 needed
> 
> * If disabled, enable the crypto self tests.
> 
> * Monitor syslog during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it.
> 
> * Without the fix a message like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up.
> 
> * With the fix, all selftests will pass and nothing is reported in syslog.
> 
> [Regression Potential] 
> 
> * The regression potential can be considered as low since this is purely s390x specific
> 
> * affects one mode of the hardware crypto facility CPACF
> 
> * and happens only on z14 (since z14 is the only model that currently supports the gcm-aes-s390 mode).
> 
> * Applications using aes-gcm via the AF_ALG interface are not affected since this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes.
> 
> * Changes are limited to a single s390x crypto file /arch/s390/crypto/aes_s390.c
> 
> [Other Info]
> 
> * Problem was found during tests at IBM and is a so called 'preventive fix'
> 
> * Since this affects z14 only, final test need to be done by IBM.
> 
> * Applied cleanly for me on bionic master-next.
> 
> Harald Freudenberger (1):
>   From: Harald Freudenberger <freude at linux.ibm.com>
> 
>  arch/s390/crypto/aes_s390.c | 148 ++++++++++++++++++++++++++++++++------------
>  1 file changed, 107 insertions(+), 41 deletions(-)
> 

Applied to {bionic,cosmic,disco}/master-next branch.

Thanks,
Kleber

More information about the kernel-team mailing list