[S390] zcrypt: initialize ap_messages for cex3 exploitation
Felix Beck [Mon, 7 Dec 2009 11:51:54 +0000 (12:51 +0100)]
AP messages need to be initialized before they are used. The
initialized values are set to zero. This will be needed later, when
support for the special commands is introduced.

Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

drivers/s390/crypto/ap_bus.h
drivers/s390/crypto/zcrypt_cex2a.c
drivers/s390/crypto/zcrypt_pcica.c
drivers/s390/crypto/zcrypt_pcicc.c
drivers/s390/crypto/zcrypt_pcixcc.c

index a353622..fcf2497 100644 (file)
@@ -167,6 +167,17 @@ struct ap_message {
        .dev_type=(dt),                                 \
        .match_flags=AP_DEVICE_ID_MATCH_DEVICE_TYPE,
 
+/**
+ * ap_init_message() - Initialize ap_message.
+ * Initialize a message before using. Otherwise this might result in
+ * unexpected behaviour.
+ */
+static inline void ap_init_message(struct ap_message *ap_msg)
+{
+       ap_msg->psmid = 0;
+       ap_msg->length = 0;
+}
+
 /*
  * Note: don't use ap_send/ap_recv after using ap_queue_message
  * for the first time. Otherwise the ap message queue will get
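Review bot: ap_init_message() clears only `psmid` and `length`, so every other member of struct ap_message keeps whatever the caller's storage held; the struct definition is outside this hunk, but the call sites in this commit assign at least `message` separately. Since the commit message says more fields are coming with the special commands, zeroing the whole object is less likely to miss a member that is added later: `memset(ap_msg, 0, sizeof(*ap_msg));`, followed by explicit setup of any member that needs a non-zero initial state. The kernel-doc block also lacks a parameter line; I would add ` * @ap_msg: pointer to the AP message to initialize` and name the fields the caller still has to set itself.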
index 326ea08..ad61a6a 100644 (file)
@@ -298,6 +298,7 @@ static long zcrypt_cex2a_modexpo(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
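Review bot: The message buffer allocated right after the new ap_init_message() call comes from kmalloc() and is therefore uninitialized, while the pcicc and pcixcc modexpo paths in this same commit use get_zeroed_page(). If the aim is that no AP message starts from stale state, the buffer deserves the same treatment as the header fields: `ap_msg.message = kzalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);`. The same applies to zcrypt_cex2a_modexpo_crt, zcrypt_pcica_modexpo, zcrypt_pcica_modexpo_crt, zcrypt_pcixcc_send_cprb and zcrypt_pcixcc_rng. The function bodies continue outside these hunks, so I cannot see whether the request builders already overwrite every byte that is later sent to the device; if they do, a short comment saying so at the allocation would settle it.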
@@ -335,6 +336,7 @@ static long zcrypt_cex2a_modexpo_crt(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
index 17ba81b..e78df36 100644 (file)
@@ -281,6 +281,7 @@ static long zcrypt_pcica_modexpo(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(PCICA_MAX_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -318,6 +319,7 @@ static long zcrypt_pcica_modexpo_crt(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(PCICA_MAX_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
index f4b0c47..a23726a 100644 (file)
@@ -483,6 +483,7 @@ static long zcrypt_pcicc_modexpo(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -521,6 +522,7 @@ static long zcrypt_pcicc_modexpo_crt(struct zcrypt_device *zdev,
        struct completion work;
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
index 5677b40..11ca6dc 100644 (file)
@@ -688,6 +688,7 @@ static long zcrypt_pcixcc_modexpo(struct zcrypt_device *zdev,
        };
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -727,6 +728,7 @@ static long zcrypt_pcixcc_modexpo_crt(struct zcrypt_device *zdev,
        };
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -766,6 +768,7 @@ static long zcrypt_pcixcc_send_cprb(struct zcrypt_device *zdev,
        };
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(PCIXCC_MAX_XCRB_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -805,6 +808,7 @@ static long zcrypt_pcixcc_rng(struct zcrypt_device *zdev,
        };
        int rc;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = kmalloc(PCIXCC_MAX_XCRB_MESSAGE_SIZE, GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;
@@ -972,6 +976,7 @@ static int zcrypt_pcixcc_rng_supported(struct ap_device *ap_dev)
        } __attribute__((packed)) *reply;
        int rc, i;
 
+       ap_init_message(&ap_msg);
        ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
        if (!ap_msg.message)
                return -ENOMEM;