author: Ondrej Kozina <okozina@redhat.com> 2018-01-12 16:30:32 +0100
committer: Mike Snitzer <snitzer@redhat.com> 2018-01-17 09:10:48 -0500
commit: dc94902bde1e158cd19c4deab208e5d6eb382a44
tree: 921d063aaf2197a2bd437f5c9dd0969dc5f68e20 /arch/x86/kernel/cpu/amd.c
parent: 717f4b1c52135f279112df82583e0c77e80f90de
dm crypt: wipe kernel key copy after IV initialization

Loading key via kernel keyring service erases the internal key copy immediately after we pass it in crypto layer. This is wrong because IV is initialized later and we use wrong key for the initialization (instead of real key there's just zeroed block).

The bug may cause data corruption if key is loaded via kernel keyring service first and later same crypt device is reactivated using exactly same key in hexbyte representation, or vice versa. The bug (and fix) affects only ciphers using following IVs: essiv, lmk and tcw.

Fixes: c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service")
Cc: stable@vger.kernel.org # 4.10+
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Reviewed-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'arch/x86/kernel/cpu/amd.c')
0 files changed, 0 insertions, 0 deletions