raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-24 19:12:14 +00:00
Code Issues Projects Releases Wiki Activity
Files
681ee24cd5a2e4cafca449fecbcddba4fbdb080d
linux/security
History
David Gstir 3192f1c54d KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y 
commit e8d9fab39d upstream.

With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted
keys can crash during en- and decryption of the blob encryption key via
the DCP crypto driver. This is caused by improperly using sg_init_one()
with vmalloc'd stack buffers (plain_key_blob).

Fix this by always using kmalloc() for buffers we give to the DCP crypto
driver.

Cc: stable@vger.kernel.org # v6.10+
Fixes: 0e28bf61a5 ("KEYS: trusted: dcp: fix leak of blob encryption key")
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-02-17 10:05:09 +01:00
..
apparmor
apparmor: allocate xmatch for nullpdb inside aa_alloc_null
2025-01-23 17:23:05 +01:00
bpf
bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
2024-09-11 10:11:36 -07:00
integrity
integrity: Use static_assert() to check struct sizes
2024-10-09 22:49:40 -04:00
ipe
ipe: fallback to platform keyring also if key in trusted keyring is rejected
2024-10-18 12:14:53 -07:00
keys
KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y
2025-02-17 10:05:09 +01:00
landlock
landlock: Handle weird files
2025-02-08 09:57:16 +01:00
loadpin
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
lockdown
lockdown: Make lockdown_lsmid static
2024-08-15 12:11:42 -04:00
safesetid
safesetid: check size of policy writes
2025-02-17 10:04:49 +01:00
selinux
selinux: ignore unknown extended permissions
2025-01-09 13:33:32 +01:00
smack
Merge tag 'lsm-pr-20240923' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
2024-09-24 10:18:15 -07:00
tomoyo
tomoyo: don't emit warning in tomoyo_write_control()
2025-02-17 10:04:50 +01:00
yama
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
commoncap.c
lsm: Refactor return value of LSM hook vm_enough_memory
2024-07-31 14:46:51 -04:00
device_cgroup.c
device_cgroup: Fix kernel-doc warnings in device_cgroup
2023-06-21 09:30:49 -04:00
inode.c
lsm: Use IS_ERR_OR_NULL() helper function
2024-08-29 11:12:13 -04:00
Kconfig
Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
2024-09-16 18:19:47 +02:00
Kconfig.hardening
hardening: Adjust dependencies in selection of MODVERSIONS
2024-09-28 13:56:03 -07:00
lsm_audit.c
lsm: fix a number of misspellings
2023-05-25 17:52:15 -04:00
lsm_syscalls.c
lsm: use 32-bit compatible data types in LSM syscalls
2024-03-14 11:31:26 -04:00
Makefile
lsm: add IPE lsm
2024-08-19 22:36:26 -04:00
min_addr.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
security.c
bcachefs: do not use PF_MEMALLOC_NORECLAIM
2024-10-09 12:47:18 -07:00