Blob Blame History Raw
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -31,6 +31,7 @@
 #ifdef ENABLE_AF_ALG
 
 #include <linux/if_alg.h>
+#include <sys/utsname.h>
 
 #ifndef AF_ALG
 #define AF_ALG 38
@@ -88,6 +89,35 @@ int crypt_cipher_blocksize(const char *n
 	return ca ? ca->blocksize : -EINVAL;
 }
 
+static size_t pagesize(size_t defsize)
+{
+	long r = sysconf(_SC_PAGESIZE);
+	return r < 0 ? defsize : (size_t)r;
+}
+
+static int check_rh_kernel_version(void)
+{
+	unsigned maj, mid, min, rel;
+	static struct utsname uts = {{ 0 }};
+	size_t ps = pagesize(32768);
+
+	if (ps < 32768)
+		return 0;
+
+	if (!*uts.release && uname(&uts) < 0)
+		return -ENOTSUP;
+	/*
+	 * RH kernels 3.10.0-185 and lower are affected by a crypto API kernel
+	 * socket bug. The bug only manifests on archs with page size >= 32 KiB.
+	 *
+	 * For reference, see rhbz#1136075
+	 */
+	if (sscanf(uts.release, "%u.%u.%u-%u", &maj, &mid, &min, &rel) == 4)
+		return (maj == 3 && mid == 10 && min == 0 && rel < 186) ? -ENOTSUP : 0;
+
+	return -ENOTSUP;
+}
+
 /*
  * ciphers
  *
@@ -104,6 +134,9 @@ int crypt_cipher_init(struct crypt_ciphe
 		.salg_type = "skcipher",
 	};
 
+	if (check_rh_kernel_version())
+		return -ENOTSUP;
+
 	h = malloc(sizeof(*h));
 	if (!h)
 		return -ENOMEM;