[dm-devel] [PATCH 3/3] dm ioctl: add data secure (bufer wipe) flag
Mike Snitzer
snitzer at redhat.com
Thu Feb 3 15:48:29 UTC 2011
On Wed, Feb 02 2011 at 7:08pm -0500,
Milan Broz <mbroz at redhat.com> wrote:
> Add DM_SECURE_DATA_FLAG which userspace can use to control
> that all allocated buffers for dm-ioctl are wiped
> immediatelly after use.
>
> The user buffer is wipes as well (we do not want to keep
> and return sensitive data back to userspace if flag is set).
>
> Wiping is useful mainly for cryptsetup to control that key
> is present in memory only on defined places and only
> for time needed.
>
> (For crypt, key can be present in table during load ot table
> status, wait and message command).
>
> Signed-off-by: Milan Broz <mbroz at redhat.com>
> ---
> drivers/md/dm-ioctl.c | 10 ++++++++++
> include/linux/dm-ioctl.h | 12 +++++++++---
> 2 files changed, 19 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
> index 189c7ab..9284c38 100644
> --- a/drivers/md/dm-ioctl.c
> +++ b/drivers/md/dm-ioctl.c
> @@ -1518,9 +1518,16 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param)
> if (copy_from_user(dmi, user, tmp.data_size))
> goto fail;
>
> + /* Wipe the user buffer so we do not return it to userspace */
> + if ((tmp.flags & DM_SECURE_DATA_FLAG) &&
> + clear_user(user, tmp.data_size))
> + goto fail;
> +
> *param = dmi;
> return 0;
> fail:
> + if (tmp.flags & DM_SECURE_DATA_FLAG)
> + memset(dmi, 0, tmp.data_size);
> vfree(dmi);
> return -EFAULT;
> }
Maybe save the result of the tmp.flags check in a bool?, e.g.:
const bool wipe_buffers = !!(tmp.flags & DM_SECURE_DATA_FLAG);
Not a big deal if you don't, just an idea.
> @@ -1621,6 +1628,9 @@ static int ctl_ioctl(uint command, struct dm_ioctl __user *user)
> if (!r && copy_to_user(user, param, param->data_size))
> r = -EFAULT;
> out:
> + if (param->flags & DM_SECURE_DATA_FLAG)
> + memset(param, 0, param_size);
> +
> vfree(param);
> return r;
> }
Extra newline at the end not necessary. Those nits aside..
Acked-by: Mike Snitzer <snitzer at redhat.com>
More information about the dm-devel
mailing list