s390 fixes for 6.5-rc3

- Fix per vma lock fault handling: add missing !(fault & VM_FAULT_ERROR)
   check to fault handler to prevent error handling for return values that
   don't indicate an error
 
 - Use kfree_sensitive() instead of kfree() in paes crypto code to clear
   memory that may contain keys before freeing it
 
 - Fix reply buffer size calculation for CCA replies in zcrypt device driver
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmS7+SgACgkQIg7DeRsp
 bsJhUhAAi+4wp6ptSwwG4YMgX8i7nmC8uQz2cTI/KOcaBmYzXTqTjx71pi6+myFo
 2/rJZPOwBlndAKI3I9NvofUMnCAX6XeYCpBs27GLIXWoZqyCIXd2KGr7HjWO2/Qw
 d30o6UNnjndiNsMPCsWQ0C6L7bEmuZE0BbZ4qQNyUzCB7oEHydgJhfXtnmPkeVt2
 5DX9oKvnz8flxL8ei3ouysO13DYMNVOZcWaytKfwUoaME0ivvzZc6Xa0KksMhbNh
 5ayB3MqrtKb3RUyt+EM92JOyxA5M9wCdFU00J4IKboTTNhq2tNe/CntzuCugFGbh
 lNoi570EKDuXLgg3L80o3ek3wg+rwmrkbY2AVnDAlK/eFU/fekiQatf9qsaaDzI/
 t4KALAGCcnEIw7oYzbOoQOG8+zguVkg2YCjnfaWH8ZUqfDtAvwyXgM2v39RyXvE3
 YLgtZTr+X7m6iDRIg2L3REPCaSPTj9sf40gWmZbniao9aQAg6le3kLmQ5wQyO0zu
 Rlp13HzvS2e56nwpp97JqvwluayDPnKcXyUwU4tESMmdvQTmlf4/mgGqo5dJLSp3
 Uhedh/b/ODYxUsqS/W1b+kX09+i/WOzNCLJaVohiKYF8mJNlF5iEi7MrCyfxg4cD
 MgUEeH/j0k6fYUu/J6Rbob0hiqmEjoL00x4qQoTjW5bMxncnhIc=
 =WgxK
 -----END PGP SIGNATURE-----

Merge tag 's390-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Heiko Carstens:

 - Fix per vma lock fault handling: add missing !(fault & VM_FAULT_ERROR)
   check to fault handler to prevent error handling for return values
   that don't indicate an error

 - Use kfree_sensitive() instead of kfree() in paes crypto code to clear
   memory that may contain keys before freeing it

 - Fix reply buffer size calculation for CCA replies in zcrypt device
   driver

* tag 's390-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/zcrypt: fix reply buffer calculations for CCA replies
  s390/crypto: use kfree_sensitive() instead of kfree()
  s390/mm: fix per vma lock fault handling
This commit is contained in:
Linus Torvalds 2023-07-22 11:24:03 -07:00
commit 295e1388de
3 changed files with 26 additions and 11 deletions

View File

@ -103,7 +103,7 @@ static inline void _free_kb_keybuf(struct key_blob *kb)
{
if (kb->key && kb->key != kb->keybuf
&& kb->keylen > sizeof(kb->keybuf)) {
kfree(kb->key);
kfree_sensitive(kb->key);
kb->key = NULL;
}
}

View File

@ -421,6 +421,8 @@ static inline vm_fault_t do_exception(struct pt_regs *regs, int access)
vma_end_read(vma);
if (!(fault & VM_FAULT_RETRY)) {
count_vm_vma_lock_event(VMA_LOCK_SUCCESS);
if (likely(!(fault & VM_FAULT_ERROR)))
fault = 0;
goto out;
}
count_vm_vma_lock_event(VMA_LOCK_RETRY);

View File

@ -1101,23 +1101,36 @@ static long zcrypt_msgtype6_send_cprb(bool userspace, struct zcrypt_queue *zq,
struct ica_xcRB *xcrb,
struct ap_message *ap_msg)
{
int rc;
struct response_type *rtype = ap_msg->private;
struct {
struct type6_hdr hdr;
struct CPRBX cprbx;
/* ... more data blocks ... */
} __packed * msg = ap_msg->msg;
unsigned int max_payload_size;
int rc, delta;
/* calculate maximum payload for this card and msg type */
max_payload_size = zq->reply.bufsize - sizeof(struct type86_fmt2_msg);
/* limit each of the two from fields to the maximum payload size */
msg->hdr.fromcardlen1 = min(msg->hdr.fromcardlen1, max_payload_size);
msg->hdr.fromcardlen2 = min(msg->hdr.fromcardlen2, max_payload_size);
/* calculate delta if the sum of both exceeds max payload size */
delta = msg->hdr.fromcardlen1 + msg->hdr.fromcardlen2
- max_payload_size;
if (delta > 0) {
/*
* Set the queue's reply buffer length minus 128 byte padding
* as reply limit for the card firmware.
* Sum exceeds maximum payload size, prune fromcardlen1
* (always trust fromcardlen2)
*/
msg->hdr.fromcardlen1 = min_t(unsigned int, msg->hdr.fromcardlen1,
zq->reply.bufsize - 128);
if (msg->hdr.fromcardlen2)
msg->hdr.fromcardlen2 =
zq->reply.bufsize - msg->hdr.fromcardlen1 - 128;
if (delta > msg->hdr.fromcardlen1) {
rc = -EINVAL;
goto out;
}
msg->hdr.fromcardlen1 -= delta;
}
init_completion(&rtype->work);
rc = ap_queue_message(zq->queue, ap_msg);