From: Holger Dengler dengler@linux.ibm.com
mainline inclusion from mainline-v6.10-rc1 commit 1d8c270de5eb74245d72325d285894a577a945d9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSLY CVE: CVE-2024-42157
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------------------------------------
Wipe sensitive data from stack also if the copy_to_user() fails.
Suggested-by: Heiko Carstens hca@linux.ibm.com Reviewed-by: Harald Freudenberger freude@linux.ibm.com Reviewed-by: Ingo Franzki ifranzki@linux.ibm.com Acked-by: Heiko Carstens hca@linux.ibm.com Signed-off-by: Holger Dengler dengler@linux.ibm.com Signed-off-by: Alexander Gordeev agordeev@linux.ibm.com Signed-off-by: ZhangPeng zhangpeng362@huawei.com --- drivers/s390/crypto/pkey_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index b16344479959..fa97e666f19e 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -1089,7 +1089,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, if (rc) break; if (copy_to_user(ucs, &kcs, sizeof(kcs))) - return -EFAULT; + rc = -EFAULT; memzero_explicit(&kcs, sizeof(kcs)); break; } @@ -1120,7 +1120,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, if (rc) break; if (copy_to_user(ucp, &kcp, sizeof(kcp))) - return -EFAULT; + rc = -EFAULT; memzero_explicit(&kcp, sizeof(kcp)); break; }
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/10803 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/C...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/10803 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/C...