Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/s390/crypto
History
Fedor Pchelkin 7360ee4759 s390/pkey: Prevent overflow in size calculation for memdup_user() 
Number of apqn target list entries contained in 'nr_apqns' variable is
determined by userspace via an ioctl call so the result of the product in
calculation of size passed to memdup_user() may overflow.

In this case the actual size of the allocated area and the value
describing it won't be in sync leading to various types of unpredictable
behaviour later.

Use a proper memdup_array_user() helper which returns an error if an
overflow is detected. Note that it is different from when nr_apqns is
initially zero - that case is considered valid and should be handled in
subsequent pkey_handler implementations.

Found by Linux Verification Center (linuxtesting.org).

Fixes: f2bbc96e7c ("s390/pkey: add CCA AES cipher key support")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Link: https://lore.kernel.org/r/20250611192011.206057-1-pchelkin@ispras.ru
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
 		2025-06-16 16:15:24 +02:00
..
Makefile s390/pkey: Add new pkey handler module pkey-uv 2024-10-29 11:17:18 +01:00
ap_bus.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ap_bus.h s390/ap/zcrypt: New xflag parameter 2025-04-30 11:34:00 +02:00
ap_card.c
ap_debug.h
ap_queue.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
pkey_api.c s390/pkey: Prevent overflow in size calculation for memdup_user() 2025-06-16 16:15:24 +02:00
pkey_base.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_base.h s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_cca.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_ep11.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_pckmo.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_sysfs.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
pkey_uv.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
vfio_ap_debug.h
vfio_ap_drv.c s390/vfio-ap: Driver feature advertisement 2024-09-23 17:57:04 +02:00
vfio_ap_ops.c s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log 2025-04-01 16:24:22 +02:00
vfio_ap_private.h s390/vfio-ap: Signal eventfd when guest AP configuration is changed 2025-02-18 18:53:48 +01:00
zcrypt_api.c s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext 2025-04-30 11:34:01 +02:00
zcrypt_api.h s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext 2025-04-30 11:34:01 +02:00
zcrypt_card.c
zcrypt_cca_key.h
zcrypt_ccamisc.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
zcrypt_ccamisc.h s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
zcrypt_cex2a.c
zcrypt_cex2a.h
zcrypt_cex2c.c
zcrypt_cex2c.h
zcrypt_cex4.c s390/zcrypt: Rework ep11 misc functions to use cprb mempool 2025-04-30 11:34:02 +02:00
zcrypt_cex4.h
zcrypt_debug.h
zcrypt_ep11misc.c s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
zcrypt_ep11misc.h s390/pkey: Provide and pass xflags within pkey and zcrypt layers 2025-04-30 11:34:03 +02:00
zcrypt_error.h
zcrypt_msgtype6.c s390/ap/zcrypt: Rework AP message buffer allocation 2025-04-30 11:34:00 +02:00
zcrypt_msgtype6.h
zcrypt_msgtype50.c s390/ap/zcrypt: Rework AP message buffer allocation 2025-04-30 11:34:00 +02:00
zcrypt_msgtype50.h
zcrypt_queue.c