From: Harald Freudenberger <freude@linux.ibm.com>
To: fcallies@linux.ibm.com
Cc: freude@linux.ibm.com, linux-s390@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
dengler@linux.ibm.com
Subject: [PATCH v3 1/1] s390/zcrypt: Improve zcrypt reply message verification checks
Date: Thu, 9 Jul 2026 11:22:19 +0200 [thread overview]
Message-ID: <20260709092219.57356-2-freude@linux.ibm.com> (raw)
In-Reply-To: <20260709092219.57356-1-freude@linux.ibm.com>
Add or improve checks related to buffer sizes and reply sizes to the
handling of replies from the crypto cards for CCA and EP11 (AP message
type 6) messages. The verification code related to reply field length
was not designed well and thus firmware deficiencies could lead to
unexpected behavior in the zcrypt device driver. Thus improve the code
to more closely inspect especially length fields at message replies.
The 3 hunks of this patch deal with CCA, EP11 and (CCA) RNG replies
and improve the checking for reply buffer size by using size_t instead
of int and the check_add_overflow() function. For RNG replies an
additional check makes sure the hard coded limit of the data buffer is
not exceeded.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Cc: stable@vger.kernel.org
---
drivers/s390/crypto/zcrypt_msgtype6.c | 39 ++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/drivers/s390/crypto/zcrypt_msgtype6.c b/drivers/s390/crypto/zcrypt_msgtype6.c
index 40f72cdf284d..5deef2e38f06 100644
--- a/drivers/s390/crypto/zcrypt_msgtype6.c
+++ b/drivers/s390/crypto/zcrypt_msgtype6.c
@@ -691,6 +691,13 @@ static int convert_type86_rng(struct zcrypt_queue *zq,
if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
return -EINVAL;
+ /*
+ * Note that offset2 and count2 have already been checked in
+ * zcrypt_msgtype6_receive(). So only check for not exceeding
+ * the hard coded rng buffer size.
+ */
+ if (msg->fmt2.count2 > ZCRYPT_RNG_BUFFER_SIZE)
+ return -EMSGSIZE;
memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
return msg->fmt2.count2;
}
@@ -853,7 +860,7 @@ static void zcrypt_msgtype6_receive(struct ap_queue *aq,
};
struct ap_response_type *resp_type = &msg->response;
struct type86x_reply *t86r;
- int len;
+ size_t len;
/* Copy the reply message to the request message buffer. */
if (!reply)
@@ -874,10 +881,23 @@ static void zcrypt_msgtype6_receive(struct ap_queue *aq,
msg->len = len;
break;
case CEXXC_RESPONSE_TYPE_XCRB:
- if (t86r->fmt2.count2)
- len = t86r->fmt2.offset2 + t86r->fmt2.count2;
- else
- len = t86r->fmt2.offset1 + t86r->fmt2.count1;
+ if (t86r->fmt2.count2) {
+ if (check_add_overflow(t86r->fmt2.offset2,
+ t86r->fmt2.count2,
+ &len)) {
+ pr_debug("len overflow => EMSGSIZE\n");
+ msg->rc = -EMSGSIZE;
+ goto out;
+ }
+ } else {
+ if (check_add_overflow(t86r->fmt2.offset1,
+ t86r->fmt2.count1,
+ &len)) {
+ pr_debug("len overflow => EMSGSIZE\n");
+ msg->rc = -EMSGSIZE;
+ goto out;
+ }
+ }
if (len > reply->bufsize || len > msg->bufsize ||
len != reply->len) {
pr_debug("len mismatch => EMSGSIZE\n");
@@ -917,7 +937,7 @@ static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
};
struct ap_response_type *resp_type = &msg->response;
struct type86_ep11_reply *t86r;
- int len;
+ size_t len;
/* Copy the reply message to the request message buffer. */
if (!reply)
@@ -927,7 +947,12 @@ static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
t86r->cprbx.cprb_ver_id == 0x04) {
switch (resp_type->type) {
case CEXXC_RESPONSE_TYPE_EP11:
- len = t86r->fmt2.offset1 + t86r->fmt2.count1;
+ if (check_add_overflow(t86r->fmt2.offset1,
+ t86r->fmt2.count1, &len)) {
+ pr_debug("len overflow => EMSGSIZE\n");
+ msg->rc = -EMSGSIZE;
+ goto out;
+ }
if (len > reply->bufsize || len > msg->bufsize ||
len != reply->len) {
pr_debug("len mismatch => EMSGSIZE\n");
--
2.43.0
next prev parent reply other threads:[~2026-07-09 9:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-09 9:22 [PATCH v3 0/1] Improve zcrypt reply message verification checks Harald Freudenberger
2026-07-09 9:22 ` Harald Freudenberger [this message]
2026-07-09 9:37 ` [PATCH v3 1/1] s390/zcrypt: " sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260709092219.57356-2-freude@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox