raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 18:09:56 +00:00
Code Issues Projects Releases Wiki Activity

s390/pkey: Wipe copies of clear-key structures on failure

Browse Source 
[ Upstream commit d65d76a44f ]

Wipe all sensitive data from stack for all IOCTLs, which convert a
clear-key into a protected- or secure-key.

Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Holger Dengler
2024-05-07 17:03:19 +02:00
committed by Greg Kroah-Hartman
parent c44a2151e5
commit 7f6243edd9
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
drivers/s390/crypto/pkey_api.c
View File

@@ -1374,9 +1374,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
kcs.clrkey.clrkey, kcs.seckey.seckey); kcs.clrkey.clrkey, kcs.seckey.seckey);
pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc); pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc);
if (rc) if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
break;
if (copy_to_user(ucs, &kcs, sizeof(kcs)))
rc = -EFAULT; rc = -EFAULT;
memzero_explicit(&kcs, sizeof(kcs)); memzero_explicit(&kcs, sizeof(kcs));
break; break;
@@ -1409,9 +1407,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
kcp.protkey.protkey, kcp.protkey.protkey,
&kcp.protkey.len, &kcp.protkey.type); &kcp.protkey.len, &kcp.protkey.type);
pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc); pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc);
if (rc) if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
break;
if (copy_to_user(ucp, &kcp, sizeof(kcp)))
rc = -EFAULT; rc = -EFAULT;
memzero_explicit(&kcp, sizeof(kcp)); memzero_explicit(&kcp, sizeof(kcp));
break; break;
@@ -1562,11 +1558,14 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
if (copy_from_user(&kcs, ucs, sizeof(kcs))) if (copy_from_user(&kcs, ucs, sizeof(kcs)))
return -EFAULT; return -EFAULT;
apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
if (IS_ERR(apqns)) if (IS_ERR(apqns)) {
memzero_explicit(&kcs, sizeof(kcs));
return PTR_ERR(apqns); return PTR_ERR(apqns);
}
kkey = kzalloc(klen, GFP_KERNEL); kkey = kzalloc(klen, GFP_KERNEL);
if (!kkey) { if (!kkey) {
kfree(apqns); kfree(apqns);
memzero_explicit(&kcs, sizeof(kcs));
return -ENOMEM; return -ENOMEM;
} }
rc = pkey_clr2seckey2(apqns, kcs.apqn_entries, rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
@@ -1576,15 +1575,18 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
kfree(apqns); kfree(apqns);
if (rc) { if (rc) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
break; break;
} }
if (kcs.key) { if (kcs.key) {
if (kcs.keylen < klen) { if (kcs.keylen < klen) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
return -EINVAL; return -EINVAL;
} }
if (copy_to_user(kcs.key, kkey, klen)) { if (copy_to_user(kcs.key, kkey, klen)) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
return -EFAULT; return -EFAULT;
} }
} }