2019-06-12 17:52:15 |
bugproxy |
bug |
|
|
added bug |
2019-06-12 17:52:17 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 |
|
2019-06-12 17:52:18 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2019-06-12 17:52:21 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2019-06-12 19:11:43 |
Andrew Cloke |
bug task added |
|
ubuntu-z-systems |
|
2019-06-12 19:11:58 |
Andrew Cloke |
ubuntu-z-systems: assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2019-06-12 19:12:06 |
Andrew Cloke |
ubuntu-z-systems: importance |
Undecided |
High |
|
2019-06-17 06:07:13 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
2019-06-18 13:56:50 |
Frank Heimes |
description |
Description: kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
Symptom: gcm-aes-s390 wrong en/decryption processing
Problem: The current gcm aes s390 implementation does not process
scatter-gather input and output lists correctly when list
entries with sizes not multiples of the blocksize of 16
bytes are used. The result may be wrongly calculated encrypted
or decrypted data.
This can only happen on z14 (this is the only machine
which supports aes-gcm in hardware via CPACF). Please note
that applications using aes-gcm via the AF_ALG interface are
not affected as this API ensures scatter/gather list entries
with chunk sizes in multiples of 16 bytes. However, all
exploiters of aes-gcm within the kernel may be affected.
Solution: Rework of the scatter/gather walk within the aes_s390 kernel
module implementation with the goal to support any list
entry size.
Reproduction: With kernel 5.1 there has been an improvement on the crypto
selftests. There are now tests run with fragmented
scatter/gather lists. So:
1. You need at least a z14 and kernel >= 5.1.
2. If disabled, enable the crypto self tests.
3. Watch for syslog entries during modprobe of the aes_s390
kernel module. As this module usually gets automatically
inserted during system startup you may need to unload the
aes_s390 kernel module before re-inserting it.
4. Without the fix something like
"kernel: alg: aead: gcm-aes-s390 encryption test failed
(wrong result) on test vector 1,..."
will show up. With the fix, all selftests will pass and
nothing is reported in syslog.
Component: kernel
Upstream-ID: bef9f0ba300a55d79a69aa172156072182176515
This request is targeted for 19.10, but should also be applied to 18.04 and 19.04 |
SRU Justification:
==================
[Impact]
* Wrong encryption/decryption with gcm-aes-s390 on z14.
* gcm-aes-s390 does not process scatter-gather input and output lists correctly if list entries with sizes that are not multiples of the blocksize (16 bytes) are used, which results in wrong calculations.
[Fix]
* bef9f0ba300a55d79a69aa172156072182176515 bef9f0b "s390/crypto: fix gcm-aes-s390 selftest failures"
[Test Case]
* z14 with kernel >= 5.1 needed
* If disabled, enable the crypto self tests.
* Monitor syslog during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it.
* Without the fix a message like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up.
* With the fix, all selftests will pass and nothing is reported in syslog.
[Regression Potential]
* The regression potential can be considered as low since this is purely s390x specific
* affects one mode of the hardware crypto facility CPACF
* and happens only on z14 (since z14 is the only model that currently supports the gcm-aes-s390 mode).
* Applications using aes-gcm via the AF_ALG interface are not affected since this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes.
* Changes are limited to a single s390x crypto file /arch/s390/crypto/aes_s390.c
[Other Info]
* Problem was found during tests at IBM and is a so-called 'preventive fix'.
* Since this affects z14 only, the final test needs to be done by IBM.
* Applied cleanly for me on bionic master-next.
__________
Description: kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
Symptom: gcm-aes-s390 wrong en/decryption processing
Problem: The current gcm aes s390 implementation does not process
scatter-gather input and output lists correctly when list
entries with sizes not multiples of the blocksize of 16
bytes are used. The result may be wrongly calculated encrypted
or decrypted data.
This can only happen on z14 (this is the only machine
which supports aes-gcm in hardware via CPACF). Please note
that applications using aes-gcm via the AF_ALG interface are
not affected as this API ensures scatter/gather list entries
with chunk sizes in multiples of 16 bytes. However, all
exploiters of aes-gcm within the kernel may be affected.
Solution: Rework of the scatter/gather walk within the aes_s390 kernel
module implementation with the goal to support any list
entry size.
Reproduction: With kernel 5.1 there has been an improvement on the crypto
selftests. There are now tests run with fragmented
scatter/gather lists. So:
1. You need at least a z14 and kernel >= 5.1.
2. If disabled, enable the crypto self tests.
3. Watch for syslog entries during modprobe of the aes_s390
kernel module. As this module usually gets automatically
inserted during system startup you may need to unload the
aes_s390 kernel module before re-inserting it.
4. Without the fix something like
"kernel: alg: aead: gcm-aes-s390 encryption test failed
(wrong result) on test vector 1,..."
will show up. With the fix, all selftests will pass and
nothing is reported in syslog.
Component: kernel
Upstream-ID: bef9f0ba300a55d79a69aa172156072182176515
This request is targeted for 19.10, but should also be applied to 18.04 and 19.04 |
|
2019-06-18 15:59:39 |
Frank Heimes |
linux (Ubuntu): status |
New |
In Progress |
|
2019-06-18 15:59:42 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2019-06-28 12:41:50 |
Stefan Bader |
nominated for series |
|
Ubuntu Disco |
|
2019-06-28 12:41:50 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Disco) |
|
2019-06-28 12:41:50 |
Stefan Bader |
nominated for series |
|
Ubuntu Cosmic |
|
2019-06-28 12:41:50 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Cosmic) |
|
2019-06-28 12:41:50 |
Stefan Bader |
nominated for series |
|
Ubuntu Bionic |
|
2019-06-28 12:41:50 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
2019-06-28 12:43:50 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-06-28 12:43:53 |
Stefan Bader |
linux (Ubuntu Cosmic): importance |
Undecided |
Medium |
|
2019-06-28 12:43:58 |
Stefan Bader |
linux (Ubuntu Disco): importance |
Undecided |
Medium |
|
2019-07-02 08:10:47 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
New |
Fix Committed |
|
2019-07-02 08:10:51 |
Kleber Sacilotto de Souza |
linux (Ubuntu Cosmic): status |
New |
Fix Committed |
|
2019-07-02 08:10:53 |
Kleber Sacilotto de Souza |
linux (Ubuntu Disco): status |
New |
Fix Committed |
|
2019-07-02 09:03:37 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2019-07-03 11:02:10 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-disco |
|
2019-07-03 13:02:48 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-disco |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-cosmic verification-needed-disco |
|
2019-07-03 13:06:22 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-cosmic verification-needed-disco |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-bionic verification-needed-cosmic verification-needed-disco |
|
2019-07-03 14:22:47 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-needed-bionic verification-needed-cosmic verification-needed-disco |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11085 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11091 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11815 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11833 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11884 |
|
2019-07-22 12:41:29 |
Frank Heimes |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
2019-07-23 05:25:24 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-07-23 05:48:50 |
Frank Heimes |
linux (Ubuntu Cosmic): status |
Fix Committed |
Invalid |
|
2019-07-23 05:48:55 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
2019-08-22 16:17:07 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco |
architecture-s39064 bugnameltc-178123 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco verification-needed-xenial |
|