Commit d65d76a4 authored by Holger Dengler's avatar Holger Dengler Committed by Alexander Gordeev

s390/pkey: Wipe copies of clear-key structures on failure

Wipe all sensitive data from stack for all IOCTLs, which convert a
clear-key into a protected- or secure-key.
Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Reviewed-by: default avatarIngo Franzki <ifranzki@linux.ibm.com>
Acked-by: default avatarHeiko Carstens <hca@linux.ibm.com>
Signed-off-by: default avatarHolger Dengler <dengler@linux.ibm.com>
Signed-off-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
parent 1d8c270d
...@@ -1374,9 +1374,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, ...@@ -1374,9 +1374,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
kcs.clrkey.clrkey, kcs.seckey.seckey); kcs.clrkey.clrkey, kcs.seckey.seckey);
pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc); pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc);
if (rc) if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
break;
if (copy_to_user(ucs, &kcs, sizeof(kcs)))
rc = -EFAULT; rc = -EFAULT;
memzero_explicit(&kcs, sizeof(kcs)); memzero_explicit(&kcs, sizeof(kcs));
break; break;
...@@ -1409,9 +1407,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, ...@@ -1409,9 +1407,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
kcp.protkey.protkey, kcp.protkey.protkey,
&kcp.protkey.len, &kcp.protkey.type); &kcp.protkey.len, &kcp.protkey.type);
pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc); pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc);
if (rc) if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
break;
if (copy_to_user(ucp, &kcp, sizeof(kcp)))
rc = -EFAULT; rc = -EFAULT;
memzero_explicit(&kcp, sizeof(kcp)); memzero_explicit(&kcp, sizeof(kcp));
break; break;
...@@ -1562,11 +1558,14 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, ...@@ -1562,11 +1558,14 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
if (copy_from_user(&kcs, ucs, sizeof(kcs))) if (copy_from_user(&kcs, ucs, sizeof(kcs)))
return -EFAULT; return -EFAULT;
apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
if (IS_ERR(apqns)) if (IS_ERR(apqns)) {
memzero_explicit(&kcs, sizeof(kcs));
return PTR_ERR(apqns); return PTR_ERR(apqns);
}
kkey = kzalloc(klen, GFP_KERNEL); kkey = kzalloc(klen, GFP_KERNEL);
if (!kkey) { if (!kkey) {
kfree(apqns); kfree(apqns);
memzero_explicit(&kcs, sizeof(kcs));
return -ENOMEM; return -ENOMEM;
} }
rc = pkey_clr2seckey2(apqns, kcs.apqn_entries, rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
...@@ -1576,15 +1575,18 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, ...@@ -1576,15 +1575,18 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
kfree(apqns); kfree(apqns);
if (rc) { if (rc) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
break; break;
} }
if (kcs.key) { if (kcs.key) {
if (kcs.keylen < klen) { if (kcs.keylen < klen) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
return -EINVAL; return -EINVAL;
} }
if (copy_to_user(kcs.key, kkey, klen)) { if (copy_to_user(kcs.key, kkey, klen)) {
kfree(kkey); kfree(kkey);
memzero_explicit(&kcs, sizeof(kcs));
return -EFAULT; return -EFAULT;
} }
} }
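Review bot: The early `return -EFAULT` after `copy_from_user(&kcs, ucs, sizeof(kcs))` in the third hunk is the one exit in this case that still leaves `kcs` unwiped. If the copy faults part-way, the bytes read before the fault (possibly including clear-key material) presumably stay on the stack. It would be consistent with the other exits to wipe there too: `if (copy_from_user(&kcs, ucs, sizeof(kcs))) { memzero_explicit(&kcs, sizeof(kcs)); return -EFAULT; }`. The first two hunks begin after their `copy_from_user()` calls, so whether they have the same gap cannot be checked from this view. As a style point, the five hand-placed `memzero_explicit(&kcs, sizeof(kcs))` calls before each `return`/`break` are easy to miss when a new exit is added; a single cleanup label that frees `kkey` and wipes `kcs` would make the guarantee structural. `pkey_unlocked_ioctl()` starts and ends outside the visible hunks.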
......