s390/pkey: Wipe sensitive data on failure

[ Upstream commit 1d8c270de5eb74245d72325d285894a577a945d9 ]

Wipe sensitive data from stack also if the copy_to_user() fails.

Suggested-by: Heiko Carstens <hca@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 0658aa5030c6f07c8e7269c7e4322fb5a195dd45..ca090fdec5f2dcf13bbf1a161dbcf0b784e100dd 100644 (file)
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -784,7 +784,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
                if (rc)
                        break;
                if (copy_to_user(ucs, &kcs, sizeof(kcs)))
-                       return -EFAULT;
+                       rc = -EFAULT;
                memzero_explicit(&kcs, sizeof(kcs));
                break;
        }
@@ -816,7 +816,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
                if (rc)
                        break;
                if (copy_to_user(ucp, &kcp, sizeof(kcp)))
-                       return -EFAULT;
+                       rc = -EFAULT;
                memzero_explicit(&kcp, sizeof(kcp));
                break;
        }