From patchwork Fri Apr 21 08:30:34 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9692107
From: Eric Biggers
To: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, David Howells, linux-kernel@vger.kernel.org, Eric Biggers
Subject: [PATCH 2/5] KEYS: user_defined: sanitize key payloads
Date: Fri, 21 Apr 2017 01:30:34 -0700
Message-Id: <20170421083037.12746-3-ebiggers3@gmail.com>
In-Reply-To: <20170421083037.12746-1-ebiggers3@gmail.com>
References: <20170421083037.12746-1-ebiggers3@gmail.com>

From: Eric Biggers Zero the payloads of user and logon keys before freeing them. This prevents sensitive key material from being kept around in the slab caches after a key is released. Signed-off-by: Eric Biggers --- security/keys/user_defined.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 26605134f17a..3d8c68eba516 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -86,10 +86,18 @@ EXPORT_SYMBOL_GPL(user_preparse); */ void user_free_preparse(struct key_preparsed_payload *prep) { - kfree(prep->payload.data[0]); + kzfree(prep->payload.data[0]); } EXPORT_SYMBOL_GPL(user_free_preparse); +static void user_free_payload_rcu(struct rcu_head *head) +{ + struct user_key_payload *payload; + + payload = container_of(head, struct user_key_payload, rcu); + kzfree(payload); +} + /* * update a user defined key * - the key's semaphore is write-locked @@ -112,7 +120,7 @@ int user_update(struct key *key, struct key_preparsed_payload *prep) prep->payload.data[0] = NULL; if (zap) - kfree_rcu(zap, rcu); + call_rcu(&zap->rcu, user_free_payload_rcu); return ret; } EXPORT_SYMBOL_GPL(user_update); @@ -130,7 +138,7 @@ void user_revoke(struct key *key) if (upayload) { rcu_assign_keypointer(key, NULL); - kfree_rcu(upayload, rcu); + call_rcu(&upayload->rcu, user_free_payload_rcu); } } @@ -143,7 +151,7 @@ void user_destroy(struct key *key) { struct user_key_payload *upayload = key->payload.data[0]; - kfree(upayload); + kzfree(upayload); } EXPORT_SYMBOL_GPL(user_destroy);
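
Review bot: the new user_free_payload_rcu() in the @@ -86,10 +86,18 hunk has no comment, while the functions on either side of it in this file each carry one. A short comment saying that it exists because kfree_rcu() frees without clearing, so an explicit call_rcu() callback is needed to reach kzfree(), would tell later readers why the simpler kfree_rcu() calls were dropped and keep someone from converting them back. The separate declaration and container_of() assignment could also be folded into one statement.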
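
Review bot: in the user_update() and user_revoke() hunks the old payload is cleared only when user_free_payload_rcu() runs, that is after the RCU grace period, so the replaced or revoked key material stays intact in memory for some time after either function returns. That deferral is needed while RCU readers may still hold the pointer, but the commit message does not mention it; a sentence there, or in a comment at the call_rcu() sites, stating that zeroing of replaced and revoked payloads is deferred to the callback would make the actual guarantee clear.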