nfp: tls: don't leave key material in freed FW cmsg skbs
authorJakub Kicinski <jakub.kicinski@netronome.com>
Tue, 9 Jul 2019 02:53:14 +0000 (19:53 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 9 Jul 2019 03:21:09 +0000 (20:21 -0700)
Make sure the contents of the skb which carried key material
to the FW are cleared.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/netronome/nfp/crypto/tls.c

index d448c6de8ea4099ce0d68a0e2ebea2738af627b0..96a96b35c0ca6b3ce33fa8510a18e52757de604f 100644 (file)
@@ -4,6 +4,7 @@
 #include <linux/bitfield.h>
 #include <linux/ipv6.h>
 #include <linux/skbuff.h>
+#include <linux/string.h>
 #include <net/tls.h>
 
 #include "../ccm.h"
@@ -340,8 +341,22 @@ nfp_net_tls_add(struct net_device *netdev, struct sock *sk,
        memcpy(&back->salt, tls_ci->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
        memcpy(back->rec_no, tls_ci->rec_seq, sizeof(tls_ci->rec_seq));
 
+       /* Get an extra ref on the skb so we can wipe the key after */
+       skb_get(skb);
+
        err = nfp_ccm_mbox_communicate(nn, skb, NFP_CCM_TYPE_CRYPTO_ADD,
                                       sizeof(*reply), sizeof(*reply));
+       reply = (void *)skb->data;
+
+       /* We depend on CCM MBOX code not reallocating skb we sent
+        * so we can clear the key material out of the memory.
+        */
+       if (!WARN_ON_ONCE((u8 *)back < skb->head ||
+                         (u8 *)back > skb_end_pointer(skb)) &&
+           !WARN_ON_ONCE((u8 *)&reply[1] > (u8 *)back))
+               memzero_explicit(back, sizeof(*back));
+       dev_consume_skb_any(skb); /* the extra ref from skb_get() above */
+
        if (err) {
                nn_dp_warn(&nn->dp, "failed to add TLS: %d (%d)\n",
                           err, direction == TLS_OFFLOAD_CTX_DIR_TX);
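Review bot: The upper bound in the first `WARN_ON_ONCE` tests only where `back` starts, `(u8 *)back > skb_end_pointer(skb)`, while the wipe that follows covers `sizeof(*back)` bytes. A `back` lying in the last `sizeof(*back)` bytes of the buffer, or exactly at the end pointer, would pass the check and `memzero_explicit()` would write past the skb data area. Comparing the end of the structure closes that gap: `(u8 *)&back[1] > skb_end_pointer(skb)`. The comment above the check could also say that when either warning fires the key material stays in the skb, so the one-time WARN is the only sign the wipe was skipped. `nfp_net_tls_add` begins and ends outside this hunk, so any earlier exit that frees the skb after the key copy is not visible here.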
@@ -349,7 +364,6 @@ nfp_net_tls_add(struct net_device *netdev, struct sock *sk,
                goto err_conn_remove;
        }
 
-       reply = (void *)skb->data;
        err = -be32_to_cpu(reply->error);
        if (err) {
                if (err == -ENOSPC) {