[PATCH] KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y
Jarkko Sakkinen
jarkko at kernel.org
Tue Jan 7 19:05:50 UTC 2025
On Tue Jan 7, 2025 at 9:05 PM EET, Jarkko Sakkinen wrote:
> On Tue Jan 7, 2025 at 2:56 PM EET, David Gstir wrote:
> >
> > > On 13.11.2024, at 22:27, David Gstir <david at sigma-star.at> wrote:
> > >
> > > With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted
> > > keys can crash during en- and decryption of the blob encryption key via
> > > the DCP crypto driver. This is caused by improperly using sg_init_one()
> > > with vmalloc'd stack buffers (plain_key_blob).
> > >
> > > Fix this by always using kmalloc() for buffers we give to the DCP crypto
> > > driver.
> > >
> > > Cc: stable at vger.kernel.org # v6.10+
> > > Fixes: 0e28bf61a5f9 ("KEYS: trusted: dcp: fix leak of blob encryption key")
> > > Signed-off-by: David Gstir <david at sigma-star.at>
> >
> > gentle ping.
>
> It's done, thanks for reminding, and don't hesitate to do it earlier
> if this ever happens again.
I.e. I applied and will put to my PR.
BR, Jarkko
More information about the Linux-security-module-archive
mailing list