[PATCH openEuler-22.03-LTS-SP1] s390/pkey: Wipe sensitive data on failure - Kernel

6 Aug 2024

From: Holger Dengler dengler@linux.ibm.com
mainline inclusion
from mainline-v6.10-rc1
commit 1d8c270de5eb74245d72325d285894a577a945d9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSLY
CVE: CVE-2024-42157
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------------------------------------
Wipe sensitive data from stack also if the copy_to_user() fails.
Suggested-by: Heiko Carstens hca@linux.ibm.com
Reviewed-by: Harald Freudenberger freude@linux.ibm.com
Reviewed-by: Ingo Franzki ifranzki@linux.ibm.com
Acked-by: Heiko Carstens hca@linux.ibm.com
Signed-off-by: Holger Dengler dengler@linux.ibm.com
Signed-off-by: Alexander Gordeev agordeev@linux.ibm.com
Signed-off-by: ZhangPeng zhangpeng362@huawei.com
---
 drivers/s390/crypto/pkey_api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 6e07a02f4363..eccee7cabf18 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1154,7 +1154,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    	if (rc)
    		break;
    	if (copy_to_user(ucs, &kcs, sizeof(kcs)))
-			return -EFAULT;
+			rc = -EFAULT;
    	memzero_explicit(&kcs, sizeof(kcs));
    	break;
    }
@@ -1185,7 +1185,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    	if (rc)
    		break;
    	if (copy_to_user(ucp, &kcp, sizeof(kcp)))
-			return -EFAULT;
+			rc = -EFAULT;
    	memzero_explicit(&kcp, sizeof(kcp));
    	break;
    }
-- 
2.25.1


    