author | Eric Biggers <ebiggers@google.com> | 2017-06-08 15:48:10 +0200 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2017-06-09 05:29:46 +0200 |
commit | e9ff56ac352446f55141aaef1553cee662b2e310 (patch) | |
tree | 73e26cc1d669007442c1fb4c22eec12da2ac77aa /block/mq-deadline.c | |
parent | KEYS: put keyring if install_session_keyring_to_cred() fails (diff) | |
download | linux-e9ff56ac352446f55141aaef1553cee662b2e310.tar.xz linux-e9ff56ac352446f55141aaef1553cee662b2e310.zip |
KEYS: encrypted: avoid encrypting/decrypting stack buffers

Since v4.9, the crypto API cannot (normally) be used to encrypt/decrypt
stack buffers because the stack may be virtually mapped. Fix this for
the padding buffers in encrypted-keys by using ZERO_PAGE for the
encryption padding and by allocating a temporary heap buffer for the
decryption padding.

Tested with CONFIG_DEBUG_SG=y:

    keyctl new_session
    keyctl add user master "abcdefghijklmnop" @s
    keyid=$(keyctl add encrypted desc "new user:master 25" @s)
    datablob="$(keyctl pipe $keyid)"
    keyctl unlink $keyid
    keyid=$(keyctl add encrypted desc "load $datablob" @s)
    datablob2="$(keyctl pipe $keyid)"
    [ "$datablob" = "$datablob2" ] && echo "Success!"

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # 4.9+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'block/mq-deadline.c')
0 files changed, 0 insertions, 0 deletions
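
A heuristic source check for the pattern the commit message describes: a stack array handed to the scatterlist helpers `sg_init_one()` / `sg_set_buf()` that feed the crypto API. This is an added example, not code from the commit or the kernel tree. The sample C source, its function names and `find_stack_sg_buffers` are constructed for illustration, and the regex matching is an approximation rather than a C parser.

```python
import re

# Constructed kernel-style sample (not the patch itself): one function hands a
# stack array to the scatterlist API, the other uses a heap buffer instead.
SAMPLE = """
static int pad_on_stack(struct scatterlist *sg)
{
    char pad[16];

    memset(pad, 0, sizeof(pad));
    sg_set_buf(&sg[1], pad, sizeof(pad));
    return 0;
}

static int pad_on_heap(struct scatterlist *sg)
{
    u8 *pad = kmalloc(16, GFP_KERNEL);

    if (!pad)
        return -ENOMEM;
    sg_set_buf(&sg[1], pad, 16);
    kfree(pad);
    return 0;
}
"""

# Function definition: name, parameter list, then a body closed by a '}' in column 0.
FUNC = re.compile(r"^\w[^\n;{}]*?(\w+)\s*\([^;{}]*\)\s*\{(.*?)^\}", re.M | re.S)
# Non-static local array declaration such as "char pad[16];".
LOCAL_ARRAY = re.compile(
    r"^[ \t]+(?![ \t]|static\b|return\b)[\w \t*]+?\b(\w+)\s*\[[^\]]*\]\s*(?:=[^;]*)?;",
    re.M)
# Second argument of the two scatterlist helpers that take a kernel virtual address.
SG_CALL = re.compile(r"\b(sg_init_one|sg_set_buf)\s*\(\s*[^,]+,\s*&?(\w+)")

def find_stack_sg_buffers(source):
    """Return (function, sg helper, buffer) for each stack array given to a scatterlist."""
    findings = []
    for func in FUNC.finditer(source):
        name, body = func.groups()
        stack_arrays = set(LOCAL_ARRAY.findall(body))
        for call in SG_CALL.finditer(body):
            if call.group(2) in stack_arrays:
                findings.append((name, call.group(1), call.group(2)))
    return findings

if __name__ == "__main__":
    for func, helper, buf in find_stack_sg_buffers(SAMPLE):
        print(f"{func}: {helper}() is given stack array '{buf}'")
```

The check only sees arrays declared in the same function as the call, so a stack buffer passed down through a pointer parameter is not reported.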