From: "Lee, Chun-Yi" Subject: [PATCH 13/18] Hibernate: Avoid S4 sign key data included in snapshot image Date: Thu, 22 Aug 2013 19:01:52 +0800 Message-ID: <1377169317-5959-14-git-send-email-jlee@suse.com> References: <1377169317-5959-1-git-send-email-jlee@suse.com> Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org, David Howells , "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Matt Fleming , James Bottomley , Greg KH , JKosina-IBi9RG/b67k@public.gmane.org, Rusty Russell , Herbert Xu , "David S. Miller" , "H. Peter Anvin" , Michal Marek , Gary Lin , Vivek Goyal , "Lee, Chun-Yi" To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Return-path: In-Reply-To: <1377169317-5959-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org> List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: List-Archive: List-Id: linux-crypto.vger.kernel.org This patch add swsusp_page_is_sign_key() method to hibernate_key.c and check the page is S4 sign key data when collect saveable page in snapshot.c to avoid sign key data included in snapshot image. Reviewed-by: Jiri Kosina Signed-off-by: Lee, Chun-Yi --- kernel/power/snapshot.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c index 72e2911..9e4c94b 100644 --- a/kernel/power/snapshot.c +++ b/kernel/power/snapshot.c @@ -860,6 +860,9 @@ static struct page *saveable_highmem_page(struct zone *zone, unsigned long pfn) BUG_ON(!PageHighMem(page)); + if (swsusp_page_is_sign_key(page)) + return NULL; + if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page) || PageReserved(page)) return NULL; @@ -922,6 +925,9 @@ static struct page *saveable_page(struct zone *zone, unsigned long pfn) BUG_ON(PageHighMem(page)); + if (swsusp_page_is_sign_key(page)) + return NULL; + if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page)) return NULL; -- 1.6.4.2