* [PATCH v1 0/1] Fix missing mem scrub at clear key import in cca_clr2cipherkey()
@ 2026-07-10 13:26 Harald Freudenberger
2026-07-10 13:26 ` [PATCH v1 1/1] s390/zcrypt: " Harald Freudenberger
0 siblings, 1 reply; 3+ messages in thread
From: Harald Freudenberger @ 2026-07-10 13:26 UTC (permalink / raw)
To: dengler, fcallies
Cc: freude, linux-s390, Heiko Carstens, Vasily Gorbik,
Alexander Gordeev
The helper function _ip_cprb_helper() uses internal buffer memory for
building and processing CPRBs. After use this buffer was never
scrubbed which could lead to leaving for example clear key material in
memory which could be exposed via tricky reuse of this same memory.
Extent the _ip_cprb_helper() function with another parameter 'scrub'
used to steer scrubbing of this buffer. So now the caller has the
opportunity to decide if scrubbing is needed or not.
Extent the clear key to secure key token import process in function
cca_clr2cipherkey() to tell the helper function from above to scrub
the cprb buffer when the clear key value is part of the request data.
Overall this cleans the internal used buffer in case of clear key
import to prevent sensitive data to get exposed.
Changelog:
v1: initial version
Harald Freudenberger (1):
s390/zcrypt: Fix missing mem scrub at clear key import in
cca_clr2cipherkey()
drivers/s390/crypto/zcrypt_ccamisc.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
--
2.43.0
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH v1 1/1] s390/zcrypt: Fix missing mem scrub at clear key import in cca_clr2cipherkey() 2026-07-10 13:26 [PATCH v1 0/1] Fix missing mem scrub at clear key import in cca_clr2cipherkey() Harald Freudenberger @ 2026-07-10 13:26 ` Harald Freudenberger 2026-07-10 13:56 ` sashiko-bot 0 siblings, 1 reply; 3+ messages in thread From: Harald Freudenberger @ 2026-07-10 13:26 UTC (permalink / raw) To: dengler, fcallies Cc: freude, linux-s390, Heiko Carstens, Vasily Gorbik, Alexander Gordeev The helper function _ip_cprb_helper() uses internal buffer memory for building and processing CPRBs. After use this buffer was never scrubbed which could lead to leaving for example clear key material in memory which could be exposed via tricky reuse of this same memory. Extent the _ip_cprb_helper() function with another parameter 'scrub' used to steer scrubbing of this buffer. So now the caller has the opportunity to decide if scrubbing is needed or not. Extent the clear key to secure key token import process in function cca_clr2cipherkey() to tell the helper function from above to scrub the cprb buffer when the clear key value is part of the request data. Overall this cleans the internal used buffer in case of clear key import to prevent sensitive data to get exposed. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Cc: stable@vger.kernel.org --- drivers/s390/crypto/zcrypt_ccamisc.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c index 84936a795b95..6a237e880b40 100644 --- a/drivers/s390/crypto/zcrypt_ccamisc.c +++ b/drivers/s390/crypto/zcrypt_ccamisc.c @@ -971,7 +971,8 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain, int clr_key_bit_size, u8 *key_token, int *key_token_size, - u32 xflags) + u32 xflags, + bool scrub) { int rc, n; u8 *mem, *ptr; @@ -1111,7 +1112,7 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain, *key_token_size = t->len; out: - free_cprbmem(mem, PARMBSIZE, false, xflags); + free_cprbmem(mem, PARMBSIZE, scrub, xflags); return rc; } @@ -1162,28 +1163,32 @@ int cca_clr2cipherkey(u16 card, u16 dom, u32 keybitsize, u32 keygenflags, * 4/4 COMPLETE the secure cipher key import */ rc = _ip_cprb_helper(card, dom, "AES ", "FIRST ", "MIN3PART", - exorbuf, keybitsize, token, &tokensize, xflags); + exorbuf, keybitsize, token, &tokensize, + xflags, false); if (rc) { ZCRYPT_DBF_ERR("%s clear key import 1/4 with CSNBKPI2 failed, rc=%d\n", __func__, rc); goto out; } rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, - clrkey, keybitsize, token, &tokensize, xflags); + clrkey, keybitsize, token, &tokensize, + xflags, true); if (rc) { ZCRYPT_DBF_ERR("%s clear key import 2/4 with CSNBKPI2 failed, rc=%d\n", __func__, rc); goto out; } rc = _ip_cprb_helper(card, dom, "AES ", "ADD-PART", NULL, - exorbuf, keybitsize, token, &tokensize, xflags); + exorbuf, keybitsize, token, &tokensize, + xflags, false); if (rc) { ZCRYPT_DBF_ERR("%s clear key import 3/4 with CSNBKPI2 failed, rc=%d\n", __func__, rc); goto out; } rc = _ip_cprb_helper(card, dom, "AES ", "COMPLETE", NULL, - NULL, keybitsize, token, &tokensize, xflags); + NULL, keybitsize, token, &tokensize, + xflags, false); if (rc) { ZCRYPT_DBF_ERR("%s clear key import 4/4 with CSNBKPI2 failed, rc=%d\n", __func__, rc); -- 2.43.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1 1/1] s390/zcrypt: Fix missing mem scrub at clear key import in cca_clr2cipherkey() 2026-07-10 13:26 ` [PATCH v1 1/1] s390/zcrypt: " Harald Freudenberger @ 2026-07-10 13:56 ` sashiko-bot 0 siblings, 0 replies; 3+ messages in thread From: sashiko-bot @ 2026-07-10 13:56 UTC (permalink / raw) To: Harald Freudenberger Cc: Heiko Carstens, Vasily Gorbik, linux-s390, Alexander Gordeev Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider: Pre-existing issues: - [High] Missing bounds validation on the hardware-provided length field `t->len` leads to out-of-bounds reads and writes from the CPRB reply block. -- --- Patch [1]: [PATCH v1 1/1] s390/zcrypt: Fix missing mem scrub at clear key import in cca_clr2cipherkey() --- commit ca71a93310e3d552d6d70f4020264235acf62e73 Author: Harald Freudenberger <freude@linux.ibm.com> s390/zcrypt: Fix missing mem scrub at clear key import in cca_clr2cipherkey() This commit adds a scrub parameter to _ip_cprb_helper() to control whether the internal CPRB buffer is zeroed out before freeing. This prevents clear key material from being left in memory during key token import. > diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c > index 84936a795b956..6a237e880b40b 100644 > --- a/drivers/s390/crypto/zcrypt_ccamisc.c > +++ b/drivers/s390/crypto/zcrypt_ccamisc.c > @@ -971,7 +971,8 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain, > int clr_key_bit_size, > u8 *key_token, > int *key_token_size, > - u32 xflags) > + u32 xflags, > + bool scrub) > { [ ... ] > @@ -1111,7 +1112,7 @@ static int _ip_cprb_helper(u16 cardnr, u16 domain, > *key_token_size = t->len; [Severity: High] This isn't a bug introduced by this patch, but is it possible for the hardware-provided t->len field to cause an out-of-bounds read or write? Looking at _ip_cprb_helper() in drivers/s390/crypto/zcrypt_ccamisc.c, the t->len field is used directly from the untrusted hardware response: drivers/s390/crypto/zcrypt_ccamisc.c:_ip_cprb_helper() { ... t = (struct cipherkeytoken *)prepparm->kb.tlv1.key_token; memcpy(key_token, t, t->len); *key_token_size = t->len; ... } If a malfunctioning or compromised coprocessor returns a CPRB reply block with a valid outer kb.len but a maliciously large inner t->len, could this memcpy copy up to 64KB of adjacent kernel memory, overflowing the 16KB token allocation in cca_clr2cipherkey()? A similar pattern also appears to exist in cca_gencipherkey(). Would it be safer to validate t->len against the source CPRB reply block size and the destination buffer size before using it? > out: > - free_cprbmem(mem, PARMBSIZE, false, xflags); > + free_cprbmem(mem, PARMBSIZE, scrub, xflags); > return rc; > } -- Sashiko AI review · https://sashiko.dev/#/patchset/20260710132658.77231-2-freude@linux.ibm.com?part=1 ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-07-10 13:56 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-07-10 13:26 [PATCH v1 0/1] Fix missing mem scrub at clear key import in cca_clr2cipherkey() Harald Freudenberger 2026-07-10 13:26 ` [PATCH v1 1/1] s390/zcrypt: " Harald Freudenberger 2026-07-10 13:56 ` sashiko-bot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox