s390 fixes for 6.5-rc3
- Fix per vma lock fault handling: add missing !(fault & VM_FAULT_ERROR) check to fault handler to prevent error handling for return values that don't indicate an error - Use kfree_sensitive() instead of kfree() in paes crypto code to clear memory that may contain keys before freeing it - Fix reply buffer size calculation for CCA replies in zcrypt device driver -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmS7+SgACgkQIg7DeRsp bsJhUhAAi+4wp6ptSwwG4YMgX8i7nmC8uQz2cTI/KOcaBmYzXTqTjx71pi6+myFo 2/rJZPOwBlndAKI3I9NvofUMnCAX6XeYCpBs27GLIXWoZqyCIXd2KGr7HjWO2/Qw d30o6UNnjndiNsMPCsWQ0C6L7bEmuZE0BbZ4qQNyUzCB7oEHydgJhfXtnmPkeVt2 5DX9oKvnz8flxL8ei3ouysO13DYMNVOZcWaytKfwUoaME0ivvzZc6Xa0KksMhbNh 5ayB3MqrtKb3RUyt+EM92JOyxA5M9wCdFU00J4IKboTTNhq2tNe/CntzuCugFGbh lNoi570EKDuXLgg3L80o3ek3wg+rwmrkbY2AVnDAlK/eFU/fekiQatf9qsaaDzI/ t4KALAGCcnEIw7oYzbOoQOG8+zguVkg2YCjnfaWH8ZUqfDtAvwyXgM2v39RyXvE3 YLgtZTr+X7m6iDRIg2L3REPCaSPTj9sf40gWmZbniao9aQAg6le3kLmQ5wQyO0zu Rlp13HzvS2e56nwpp97JqvwluayDPnKcXyUwU4tESMmdvQTmlf4/mgGqo5dJLSp3 Uhedh/b/ODYxUsqS/W1b+kX09+i/WOzNCLJaVohiKYF8mJNlF5iEi7MrCyfxg4cD MgUEeH/j0k6fYUu/J6Rbob0hiqmEjoL00x4qQoTjW5bMxncnhIc= =WgxK -----END PGP SIGNATURE----- Merge tag 's390-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Heiko Carstens: - Fix per vma lock fault handling: add missing !(fault & VM_FAULT_ERROR) check to fault handler to prevent error handling for return values that don't indicate an error - Use kfree_sensitive() instead of kfree() in paes crypto code to clear memory that may contain keys before freeing it - Fix reply buffer size calculation for CCA replies in zcrypt device driver * tag 's390-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/zcrypt: fix reply buffer calculations for CCA replies s390/crypto: use kfree_sensitive() instead of kfree() s390/mm: fix per vma lock fault handling
This commit is contained in:
commit
295e1388de
@ -103,7 +103,7 @@ static inline void _free_kb_keybuf(struct key_blob *kb)
|
||||
{
|
||||
if (kb->key && kb->key != kb->keybuf
|
||||
&& kb->keylen > sizeof(kb->keybuf)) {
|
||||
kfree(kb->key);
|
||||
kfree_sensitive(kb->key);
|
||||
kb->key = NULL;
|
||||
}
|
||||
}
|
||||
|
@ -421,6 +421,8 @@ static inline vm_fault_t do_exception(struct pt_regs *regs, int access)
|
||||
vma_end_read(vma);
|
||||
if (!(fault & VM_FAULT_RETRY)) {
|
||||
count_vm_vma_lock_event(VMA_LOCK_SUCCESS);
|
||||
if (likely(!(fault & VM_FAULT_ERROR)))
|
||||
fault = 0;
|
||||
goto out;
|
||||
}
|
||||
count_vm_vma_lock_event(VMA_LOCK_RETRY);
|
||||
|
@ -1101,23 +1101,36 @@ static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq,
|
||||
struct ica_xcRB *xcrb,
|
||||
struct ap_message *ap_msg)
|
||||
{
|
||||
int rc;
|
||||
struct response_type *rtype = ap_msg->private;
|
||||
struct {
|
||||
struct type6_hdr hdr;
|
||||
struct CPRBX cprbx;
|
||||
/* ... more data blocks ... */
|
||||
} __packed * msg = ap_msg->msg;
|
||||
unsigned int max_payload_size;
|
||||
int rc, delta;
|
||||
|
||||
/*
|
||||
* Set the queue's reply buffer length minus 128 byte padding
|
||||
* as reply limit for the card firmware.
|
||||
*/
|
||||
msg->hdr.fromcardlen1 = min_t(unsigned int, msg->hdr.fromcardlen1,
|
||||
zq->reply.bufsize - 128);
|
||||
if (msg->hdr.fromcardlen2)
|
||||
msg->hdr.fromcardlen2 =
|
||||
zq->reply.bufsize - msg->hdr.fromcardlen1 - 128;
|
||||
/* calculate maximum payload for this card and msg type */
|
||||
max_payload_size = zq->reply.bufsize - sizeof(struct type86_fmt2_msg);
|
||||
|
||||
/* limit each of the two from fields to the maximum payload size */
|
||||
msg->hdr.fromcardlen1 = min(msg->hdr.fromcardlen1, max_payload_size);
|
||||
msg->hdr.fromcardlen2 = min(msg->hdr.fromcardlen2, max_payload_size);
|
||||
|
||||
/* calculate delta if the sum of both exceeds max payload size */
|
||||
delta = msg->hdr.fromcardlen1 + msg->hdr.fromcardlen2
|
||||
- max_payload_size;
|
||||
if (delta > 0) {
|
||||
/*
|
||||
* Sum exceeds maximum payload size, prune fromcardlen1
|
||||
* (always trust fromcardlen2)
|
||||
*/
|
||||
if (delta > msg->hdr.fromcardlen1) {
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
msg->hdr.fromcardlen1 -= delta;
|
||||
}
|
||||
|
||||
init_completion(&rtype->work);
|
||||
rc = ap_queue_message(zq->queue, ap_msg);
|
||||
|
Loading…
Reference in New Issue
Block a user