linux.git - Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

diff options

author	David Gstir <david@sigma-star.at>	2024-11-13 22:27:54 +0100
committer	Jarkko Sakkinen <jarkko@kernel.org>	2025-01-21 11:25:23 +0200
commit	e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4 (patch)
tree	6a7fb188d34261e867683822e24bd1f6d9afd884 /security/safesetid/securityfs.c
parent	5f56d41a21b6d17b59525958a57feffe597b7de5 (diff)
download	linux-e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4.tar.gz linux-e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4.tar.bz2 linux-e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4.zip

KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y

With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted keys can crash during en- and decryption of the blob encryption key via the DCP crypto driver. This is caused by improperly using sg_init_one() with vmalloc'd stack buffers (plain_key_blob). Fix this by always using kmalloc() for buffers we give to the DCP crypto driver. Cc: stable@vger.kernel.org # v6.10+ Fixes: 0e28bf61a5f9 ("KEYS: trusted: dcp: fix leak of blob encryption key") Signed-off-by: David Gstir <david@sigma-star.at> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Diffstat (limited to 'security/safesetid/securityfs.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: