1650181 – DM_DEVICE_CREATE can pass unused secure table data to a resume ioctl which leaves it in memory unwiped

Bug 1650181 - DM_DEVICE_CREATE can pass unused secure table data to a resume ioctl which leaves it in memory unwiped

Summary: DM_DEVICE_CREATE can pass unused secure table data to a resume ioctl which le...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	lvm2
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Zdenek Kabelac
QA Contact:	cluster-qe@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-11-15 14:32 UTC by Zdenek Kabelac
Modified:	2021-09-07 11:57 UTC (History)
CC List:	12 users (show)
Fixed In Version:	lvm2-2.03.02-1.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-14 01:19:16 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-20824	0	None	None	None	2021-09-07 11:57:42 UTC

Description Zdenek Kabelac 2018-11-15 14:32:04 UTC

Description of problem:

When DM_DEVICE_CREATE is used with table, it also does automatic table load and resume. But since resume ioctl does not take parameters, it's param memory is not wipes upon exit from kernel  - user space was not meant to pass any argument here.

This bug may leak some secure data to running user space process that were meant to be cleared immediately after ioctl call.

Version-Release number of selected component (if applicable):
devicemapper library < 1.02.155 

How reproducible:


Steps to Reproduce:
1. simple test program will be provided.
2.
3.

Actual results:
data leaking in i.e. coredump of process.

Expected results:
no memory trace in address space of task.

Additional info:

Comment 1 Zdenek Kabelac 2018-11-19 16:14:31 UTC

Addressed with upstream commit:

https://www.redhat.com/archives/lvm-devel/2018-November/msg00068.html

Test cases added with (and later tuned further)

https://www.redhat.com/archives/lvm-devel/2018-November/msg00073.html

Comment 2 Marian Csontos 2018-12-19 17:15:45 UTC

Corey, is the coverage in our test suite sufficient to grant a qa-ack? This is IMO rather internal thing, which should be rather covered by unit tests (as it is now)

Note You need to log in before you can comment on or make changes to this bug.