[SRU][B][C][D][Patch 1/1] pkey: Indicate old mkvp only if old and current mkvp are different
frank.heimes at canonical.com
frank.heimes at canonical.com
Tue Jun 18 07:03:07 UTC 2019
From: Ingo Franzki <ifranzki at linux.ibm.com>
BugLink: https://bugs.launchpad.net/bugs/1832625
When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus the
verification patterns are the same, too. The check to report if a
secure key is currently wrapped by the old master key erroneously
reports old mkvp in this case.
Reviewed-by: Harald Freudenberger <freude at linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki at linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
(cherry picked from commit ebb7c695d3bc7a4986b92edc8d9ef43491be183e)
Signed-off-by: Frank Heimes <frank.heimes at canonical.com>
---
drivers/s390/crypto/pkey_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 81bfcc9..03c643a 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1034,7 +1034,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey,
rc = mkvp_cache_fetch(cardnr, domain, mkvp);
if (rc)
goto out;
- if (t->mkvp == mkvp[1]) {
+ if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
DEBUG_DBG("%s secure key has old mkvp\n", __func__);
if (pattributes)
*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
--
2.7.4
More information about the kernel-team
mailing list