We can honor secure data flag even when allocation of local buffer fails but user params is valid. Signed-off-by: Milan Broz <mbroz@xxxxxxxxxx> --- drivers/md/dm-ioctl.c | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 516def2..4cacdad 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1504,6 +1504,7 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user) static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param) { struct dm_ioctl tmp, *dmi; + int secure_data; if (copy_from_user(&tmp, user, sizeof(tmp) - sizeof(tmp.data))) return -EFAULT; @@ -1511,23 +1512,27 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param) if (tmp.data_size < (sizeof(tmp) - sizeof(tmp.data))) return -EINVAL; + secure_data = tmp.flags & DM_SECURE_DATA_FLAG; + dmi = vmalloc(tmp.data_size); - if (!dmi) + if (!dmi) { + if (secure_data && clear_user(user, tmp.data_size)) + return -EFAULT; return -ENOMEM; + } if (copy_from_user(dmi, user, tmp.data_size)) goto bad; /* Wipe the user buffer so we do not return it to userspace */ - if ((tmp.flags & DM_SECURE_DATA_FLAG) && - clear_user(user, tmp.data_size)) + if (secure_data && clear_user(user, tmp.data_size)) goto bad; *param = dmi; return 0; bad: - if (tmp.flags & DM_SECURE_DATA_FLAG) + if (secure_data) memset(dmi, 0, tmp.data_size); vfree(dmi); return -EFAULT; -- 1.7.2.3 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel