
Commit d65d76a

holger-denglerAlexander Gordeev
authored andcommitted
s390/pkey: Wipe copies of clear-key structures on failure
Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. Reviewed-by: Harald Freudenberger <[email protected]> Reviewed-by: Ingo Franzki <[email protected]> Acked-by: Heiko Carstens <[email protected]> Signed-off-by: Holger Dengler <[email protected]> Signed-off-by: Alexander Gordeev <[email protected]>
1 parent 1d8c270 commit d65d76a

1 file changed

+9
-7
lines changed


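--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1374,9 +1374,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype,
 kcs.clrkey.clrkey, kcs.seckey.seckey);
 pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc);
-if (rc)
-break;
-if (copy_to_user(ucs, &kcs, sizeof(kcs)))
+if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs)))
 rc = -EFAULT;
 memzero_explicit(&kcs, sizeof(kcs));
 break;
@@ -1409,9 +1407,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
 kcp.protkey.protkey,
 &kcp.protkey.len, &kcp.protkey.type);
 pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc);
-if (rc)
-break;
-if (copy_to_user(ucp, &kcp, sizeof(kcp)))
+if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp)))
 rc = -EFAULT;
 memzero_explicit(&kcp, sizeof(kcp));
 break;
@@ -1562,11 +1558,14 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
 if (copy_from_user(&kcs, ucs, sizeof(kcs)))
 return -EFAULT;
 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
-if (IS_ERR(apqns))
+if (IS_ERR(apqns)) {
+memzero_explicit(&kcs, sizeof(kcs));
 return PTR_ERR(apqns);
+}
 kkey = kzalloc(klen, GFP_KERNEL);
 if (!kkey) {
 kfree(apqns);
+memzero_explicit(&kcs, sizeof(kcs));
 return -ENOMEM;
 }
 rc = pkey_clr2seckey2(apqns, kcs.apqn_entries,
@@ -1576,15 +1575,18 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
 kfree(apqns);
 if (rc) {
 kfree(kkey);
+memzero_explicit(&kcs, sizeof(kcs));
 break;
 }
 if (kcs.key) {
 if (kcs.keylen < klen) {
 kfree(kkey);
+memzero_explicit(&kcs, sizeof(kcs));
 return -EINVAL;
 }
 if (copy_to_user(kcs.key, kkey, klen)) {
 kfree(kkey);
+memzero_explicit(&kcs, sizeof(kcs));
 return -EFAULT;
 }
 }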
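Review bot: The first exit in the third hunk, `if (copy_from_user(&kcs, ucs, sizeof(kcs))) return -EFAULT;`, still returns without wiping `kcs`, although a copy that faults partway may already have placed part of the user's structure, possibly including clear-key bytes, on the stack. Adding `memzero_explicit(&kcs, sizeof(kcs));` before that `return -EFAULT;` would close this remaining failure path. The third and fourth hunks now carry five separate wipe calls, one per early exit; a single exit label that wipes `kcs` and frees `kkey` would be harder to miss when another return is added later. The ioctl case begins and ends outside the visible hunks, so the handling on the success path cannot be confirmed from here.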
