Commit bfd6dd73 authored Aug 06, 2024 by Holger Dengler Committed by Peng Zhang Aug 06, 2024

s390/pkey: Wipe sensitive data on failure

mainline inclusion
from mainline-v6.10-rc1
commit 1d8c270de5eb74245d72325d285894a577a945d9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSLY
CVE: CVE-2024-42157

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d8c270de5eb74245d72325d285894a577a945d9



---------------------------------------------------------

Wipe sensitive data from stack also if the copy_to_user() fails.

Suggested-by: Heiko Carstens <hca@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>

parent 6cfbe577

drivers/s390/crypto/pkey_api.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1154,7 +1154,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
		if (rc)
		break;
		if (copy_to_user(ucs, &kcs, sizeof(kcs)))
		return -EFAULT;
		rc = -EFAULT;
		memzero_explicit(&kcs, sizeof(kcs));
		break;
		}
		@@ -1185,7 +1185,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
		if (rc)
		break;
		if (copy_to_user(ucp, &kcp, sizeof(kcp)))
		return -EFAULT;
		rc = -EFAULT;
		memzero_explicit(&kcp, sizeof(kcp));
		break;
		}