kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/macsec-clear-encryption-keys-from-the-stack-after-se.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   35d5cf6b5aa48b9d4dadc225e156a08d665cfd03
  2.   patches.suse
  3.   macsec-clear-encryption-keys-from-the-stack-after-se.patch
Blob History Raw
Takashi Iwai 657b13 
From aaab73f8fba4fd38f4d2617440d541a1c334e819 Mon Sep 17 00:00:00 2001
Takashi Iwai 657b13 
From: Sabrina Dubroca <sd@queasysnail.net>
Takashi Iwai 657b13 
Date: Wed, 2 Nov 2022 22:33:16 +0100
Takashi Iwai 657b13 
Subject: [PATCH] macsec: clear encryption keys from the stack after setting up offload
Takashi Iwai 657b13 
Git-commit: aaab73f8fba4fd38f4d2617440d541a1c334e819
Takashi Iwai 657b13 
Patch-mainline: v6.1-rc5
Takashi Iwai 657b13 
References: git-fixes
Takashi Iwai 657b13
Takashi Iwai 657b13 
macsec_add_rxsa and macsec_add_txsa copy the key to an on-stack
Takashi Iwai 657b13 
offloading context to pass it to the drivers, but leaves it there when
Takashi Iwai 657b13 
it's done. Clear it with memzero_explicit as soon as it's not needed
Takashi Iwai 657b13 
anymore.
Takashi Iwai 657b13
Takashi Iwai 657b13 
Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure")
Takashi Iwai 657b13 
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Takashi Iwai 657b13 
Reviewed-by: Antoine Tenart <atenart@kernel.org>
Takashi Iwai 657b13 
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Takashi Iwai 657b13 
Signed-off-by: David S. Miller <davem@davemloft.net>
Takashi Iwai 657b13 
Acked-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai 657b13
Takashi Iwai 657b13 
---
Takashi Iwai 657b13 
 drivers/net/macsec.c | 2 ++
Takashi Iwai 657b13 
 1 file changed, 2 insertions(+)
Takashi Iwai 657b13
Takashi Iwai 657b13 
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
Takashi Iwai 657b13 
index 700a8f96c6c2..85376d2f24ca 100644
Takashi Iwai 657b13 
--- a/drivers/net/macsec.c
Takashi Iwai 657b13 
+++ b/drivers/net/macsec.c
Takashi Iwai 657b13 
@@ -1839,6 +1839,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
Takashi Iwai 657b13 
 		       secy->key_len);
Takashi Iwai 657b13
Takashi Iwai 657b13 
 		err = macsec_offload(ops->mdo_add_rxsa, &ctx;;
Takashi Iwai 657b13 
+		memzero_explicit(ctx.sa.key, secy->key_len);
Takashi Iwai 657b13 
 		if (err)
Takashi Iwai 657b13 
 			goto cleanup;
Takashi Iwai 657b13 
 	}
Takashi Iwai 657b13 
@@ -2081,6 +2082,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
Takashi Iwai 657b13 
 		       secy->key_len);
Takashi Iwai 657b13
Takashi Iwai 657b13 
 		err = macsec_offload(ops->mdo_add_txsa, &ctx;;
Takashi Iwai 657b13 
+		memzero_explicit(ctx.sa.key, secy->key_len);
Takashi Iwai 657b13 
 		if (err)
Takashi Iwai 657b13 
 			goto cleanup;
Takashi Iwai 657b13 
 	}
Takashi Iwai 657b13 
--
Takashi Iwai 657b13 
2.35.3
Takashi Iwai 657b13
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.