Received: by 10.223.176.46 with SMTP id f43csp2658007wra; Mon, 22 Jan 2018 01:02:54 -0800 (PST) X-Google-Smtp-Source: AH8x227RHr5Cf/IAMFRJq6yfriTJHEoI56958AtYeOj11oCinyfFO3AganTeA/qEqsBOS6CRIZ6R X-Received: by 10.98.227.8 with SMTP id g8mr7807055pfh.164.1516611773913; Mon, 22 Jan 2018 01:02:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516611773; cv=none; d=google.com; s=arc-20160816; b=V/CTqsU+30Q6kF7znJ9QVyLfeld4pfovCWATfglb4py3C2BKrfg7JDjwixnVZwfPgz mpxKAVazw+iREaDRFmVUA0zJzcq7DOYGGgR5J/8FBJ0gMmaXOE7F+I8Bj0gSSC9DMCVW fV/tC5ZR5Ef7GbBquRBwuEYgIJVRdtEKNevDaiw0oDg94Ul4uqpn93+nL0/Ze/Lq/WPo g8c/vhCg+ys7LQIKLKaT7a6y9Ta+bKoK6BDO9+C14MwbervPXbL8lgsTeqYrv4r+tZIA 5PIuVCQGBALpUiDsRJ3MvtnLYyJmC+Kkp5b7H3vLtESifhOrb3PrwWOWmhcNXrFqY5yC ogzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=w0K/21Zv8S2YsPrnXt43s/4xRGtu8FE7gXPziwE48mo=; b=P7fDlMlyMngiOUpsw4eMopNryhjAt6xBbr0LV7RgjEzRJdw6AUVhpGBc0GqoHZite0 ah4EAuiX8wzqeCeq9RF2cBy2quRgKHCE7qzJcfjZPR/Y4K/qM7GPdZfHrS2suYDf0oN9 aKOkmuwoenFpgho9slsMtHETEURUPLpSw+ctxbSdFE5XV6S15PVdK5yjNzp6NVXL+nh7 KakA+62IMtbg4sZntebSaMwhKtoJCRfvx7rpBMCcctZNYEZfgkQEnP5etJsdN8VLINLM wpB5f1y4OMijkOp+J9RKsGh2Ri7KoGqM7UUNidBYLfe/8WptUI8hZ/qvrplfD0J5Y5X2 DZ8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w8-v6si3202884plk.597.2018.01.22.01.02.40; Mon, 22 Jan 2018 01:02:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932066AbeAVIxf (ORCPT + 99 others); Mon, 22 Jan 2018 03:53:35 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:33994 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753575AbeAVIxb (ORCPT ); Mon, 22 Jan 2018 03:53:31 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 2AF2CF2B; Mon, 22 Jan 2018 08:53:31 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ondrej Kozina , Milan Broz , Mike Snitzer Subject: [PATCH 4.14 74/89] dm crypt: wipe kernel key copy after IV initialization Date: Mon, 22 Jan 2018 09:45:54 +0100 Message-Id: <20180122084001.838083977@linuxfoundation.org> X-Mailer: git-send-email 2.16.0 In-Reply-To: <20180122083954.683903493@linuxfoundation.org> References: <20180122083954.683903493@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Kozina commit dc94902bde1e158cd19c4deab208e5d6eb382a44 upstream. Loading key via kernel keyring service erases the internal key copy immediately after we pass it in crypto layer. This is wrong because IV is initialized later and we use wrong key for the initialization (instead of real key there's just zeroed block). The bug may cause data corruption if key is loaded via kernel keyring service first and later same crypt device is reactivated using exactly same key in hexbyte representation, or vice versa. The bug (and fix) affects only ciphers using following IVs: essiv, lmk and tcw. Fixes: c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service") Signed-off-by: Ondrej Kozina Reviewed-by: Milan Broz Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman --- drivers/md/dm-crypt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2058,9 +2058,6 @@ static int crypt_set_keyring_key(struct ret = crypt_setkey(cc); - /* wipe the kernel key payload copy in each case */ - memset(cc->key, 0, cc->key_size * sizeof(u8)); - if (!ret) { set_bit(DM_CRYPT_KEY_VALID, &cc->flags); kzfree(cc->key_string); @@ -2528,6 +2525,10 @@ static int crypt_ctr_cipher(struct dm_ta } } + /* wipe the kernel key payload copy */ + if (cc->key_string) + memset(cc->key, 0, cc->key_size * sizeof(u8)); + return ret; } @@ -2966,6 +2967,9 @@ static int crypt_message(struct dm_targe return ret; if (cc->iv_gen_ops && cc->iv_gen_ops->init) ret = cc->iv_gen_ops->init(cc); + /* wipe the kernel key payload copy */ + if (cc->key_string) + memset(cc->key, 0, cc->key_size * sizeof(u8)); return ret; } if (argc == 2 && !strcasecmp(argv[1], "wipe")) { @@ -3012,7 +3016,7 @@ static void crypt_io_hints(struct dm_tar static struct target_type crypt_target = { .name = "crypt", - .version = {1, 18, 0}, + .version = {1, 18, 1}, .module = THIS_MODULE, .ctr = crypt_ctr, .dtr = crypt_dtr,