From 468ffddf19c1417947cac931c240b0d600e4b5bf Mon Sep 17 00:00:00 2001 From: Felix Beck Date: Mon, 7 Dec 2009 12:51:54 +0100 Subject: [PATCH] [S390] zcrypt: initialize ap_messages for cex3 exploitation AP messages need to be initialized, before they will be used. Values will be zeroized. This will be needed later when introducing support for the special commands. Signed-off-by: Felix Beck Signed-off-by: Ralph Wuerthner Signed-off-by: Martin Schwidefsky
---
 drivers/s390/crypto/ap_bus.h | 11 +++++++++++ drivers/s390/crypto/zcrypt_cex2a.c | 2 ++ drivers/s390/crypto/zcrypt_pcica.c | 2 ++ drivers/s390/crypto/zcrypt_pcicc.c | 2 ++ drivers/s390/crypto/zcrypt_pcixcc.c | 5 +++++ 5 files changed, 22 insertions(+)
diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h
index a35362241805..fcf2497556dd 100644
--- a/drivers/s390/crypto/ap_bus.h
+++ b/drivers/s390/crypto/ap_bus.h
@@ -167,6 +167,17 @@ struct ap_message {
 .dev_type=(dt), \
 .match_flags=AP_DEVICE_ID_MATCH_DEVICE_TYPE,
+/**
+ * ap_init_message() - Initialize ap_message.
+ * Initialize a message before using. Otherwise this might result in
+ * unexpected behaviour.
+ */
+static inline void ap_init_message(struct ap_message *ap_msg)
+{
+ ap_msg->psmid = 0;
+ ap_msg->length = 0;
+}
+
 /*
 * Note: don't use ap_send/ap_recv after using ap_queue_message
 * for the first time. Otherwise the ap message queue will get
diff --git a/drivers/s390/crypto/zcrypt_cex2a.c b/drivers/s390/crypto/zcrypt_cex2a.c
index 326ea08f67c9..ad61a6a59374 100644
--- a/drivers/s390/crypto/zcrypt_cex2a.c
+++ b/drivers/s390/crypto/zcrypt_cex2a.c
@@ -298,6 +298,7 @@ static long zcrypt_cex2a_modexpo(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
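Review bot: `ap_init_message()` in the ap_bus.h hunk clears only `psmid` and `length`, so every other member of a stack-allocated `struct ap_message` keeps whatever was on the stack until the caller assigns it; the struct definition is outside the hunk, so which members that leaves uninitialized should be confirmed. The commit message says later patches will add state for special commands, and a field-by-field initializer makes it easy to forget a new member; zeroing the whole object, `memset(ap_msg, 0, sizeof(*ap_msg));`, would cover future fields as well. The `ap_msg` declarations at the eleven call sites are outside their hunks, so check that none of them uses an initializer that a full memset would overwrite. The kernel-doc block is also missing its parameter line, e.g. ` * @ap_msg: pointer to the AP message to initialize`.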
@@ -335,6 +336,7 @@ static long zcrypt_cex2a_modexpo_crt(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(CEX2A_MAX_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
diff --git a/drivers/s390/crypto/zcrypt_pcica.c b/drivers/s390/crypto/zcrypt_pcica.c
index 17ba81b58c78..e78df3671caf 100644
--- a/drivers/s390/crypto/zcrypt_pcica.c
+++ b/drivers/s390/crypto/zcrypt_pcica.c
@@ -281,6 +281,7 @@ static long zcrypt_pcica_modexpo(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(PCICA_MAX_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -318,6 +319,7 @@ static long zcrypt_pcica_modexpo_crt(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(PCICA_MAX_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
diff --git a/drivers/s390/crypto/zcrypt_pcicc.c b/drivers/s390/crypto/zcrypt_pcicc.c
index f4b0c4795434..a23726a0735c 100644
--- a/drivers/s390/crypto/zcrypt_pcicc.c
+++ b/drivers/s390/crypto/zcrypt_pcicc.c
@@ -483,6 +483,7 @@ static long zcrypt_pcicc_modexpo(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -521,6 +522,7 @@ static long zcrypt_pcicc_modexpo_crt(struct zcrypt_device *zdev,
 struct completion work;
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
diff --git a/drivers/s390/crypto/zcrypt_pcixcc.c b/drivers/s390/crypto/zcrypt_pcixcc.c
index 5677b40e4ac0..11ca6dc99b23 100644
--- a/drivers/s390/crypto/zcrypt_pcixcc.c
+++ b/drivers/s390/crypto/zcrypt_pcixcc.c
@@ -688,6 +688,7 @@ static long zcrypt_pcixcc_modexpo(struct zcrypt_device *zdev,
 };
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -727,6 +728,7 @@ static long zcrypt_pcixcc_modexpo_crt(struct zcrypt_device *zdev,
 };
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -766,6 +768,7 @@ static long zcrypt_pcixcc_send_cprb(struct zcrypt_device *zdev,
 };
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(PCIXCC_MAX_XCRB_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -805,6 +808,7 @@ static long zcrypt_pcixcc_rng(struct zcrypt_device *zdev,
 };
 int rc;
+ ap_init_message(&ap_msg);
 ap_msg.message = kmalloc(PCIXCC_MAX_XCRB_MESSAGE_SIZE, GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
@@ -972,6 +976,7 @@ static int zcrypt_pcixcc_rng_supported(struct ap_device *ap_dev)
 } __attribute__((packed)) *reply;
 int rc, i;
+ ap_init_message(&ap_msg);
 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
 if (!ap_msg.message)
 return -ENOMEM;
-- 2.34.1