From: Jules Irenge jbi.octave@gmail.com
mainline inclusion from mainline-v6.10-rc1 commit 22e6824622e8a8889df0f8fc4ed5aea0e702a694 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSJP CVE: CVE-2024-42158
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle:
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
Signed-off-by: Jules Irenge jbi.octave@gmail.com Reviewed-by: Holger Dengler dengler@linux.ibm.com Link: https://lore.kernel.org/r/ZjqZkNi_JUJu73Rg@octinomon.home Signed-off-by: Heiko Carstens hca@linux.ibm.com Signed-off-by: Alexander Gordeev agordeev@linux.ibm.com Conflicts: drivers/s390/crypto/pkey_api.c [commit f370f45c6475 ("s390/pkey: do not use struct pkey_protkey") and 6d749b4e0208 ("s390/pkey: introduce dynamic debugging for pkey") are not merged] Signed-off-by: Zhang Changzhong zhangchangzhong@huawei.com --- drivers/s390/crypto/pkey_api.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c index 06b3d00..4a6a156 100644 --- a/drivers/s390/crypto/pkey_api.c +++ b/drivers/s390/crypto/pkey_api.c @@ -1267,8 +1267,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, return PTR_ERR(kkey); rc = pkey_keyblob2pkey(kkey, ktp.keylen, &ktp.protkey); DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc); - memzero_explicit(kkey, ktp.keylen); - kfree(kkey); + kfree_sensitive(kkey); if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) rc = -EFAULT; memzero_explicit(&ktp, sizeof(ktp)); @@ -1400,8 +1399,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, kkey, ktp.keylen, &ktp.protkey); DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc); kfree(apqns); - memzero_explicit(kkey, ktp.keylen); - kfree(kkey); + kfree_sensitive(kkey); if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) rc = -EFAULT; memzero_explicit(&ktp, sizeof(ktp)); @@ -1526,8 +1524,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, protkey, &protkeylen); DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc); kfree(apqns); - memzero_explicit(kkey, ktp.keylen); - kfree(kkey); + kfree_sensitive(kkey); if (rc) { kfree_sensitive(protkey); break;
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/10798 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/W...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/10798 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/W...