@@ -1518,9 +1518,16 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param)
if (copy_from_user(dmi, user, tmp.data_size))
goto fail;
+ /* Wipe the user buffer so we do not return it to userspace */
+ if ((tmp.flags & DM_SECURE_DATA_FLAG) &&
+ clear_user(user, tmp.data_size))
+ goto fail;
+
*param = dmi;
return 0;
fail:
+ if (tmp.flags & DM_SECURE_DATA_FLAG)
+ memset(dmi, 0, tmp.data_size);
vfree(dmi);
return -EFAULT;
}
@@ -1621,6 +1628,9 @@ static int ctl_ioctl(uint command, struct dm_ioctl __user *user)
if (!r && copy_to_user(user, param, param->data_size))
r = -EFAULT;
out:
+ if (param->flags & DM_SECURE_DATA_FLAG)
+ memset(param, 0, param_size);
+
vfree(param);
return r;
}
@@ -267,9 +267,9 @@ enum {
#define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl)
#define DM_VERSION_MAJOR 4
-#define DM_VERSION_MINOR 19
-#define DM_VERSION_PATCHLEVEL 1
-#define DM_VERSION_EXTRA "-ioctl (2011-01-07)"
+#define DM_VERSION_MINOR 20
+#define DM_VERSION_PATCHLEVEL 0
+#define DM_VERSION_EXTRA "-ioctl (2011-02-02)"
/* Status bits */
#define DM_READONLY_FLAG (1 << 0) /* In/Out */
@@ -328,4 +328,10 @@ enum {
*/
#define DM_UUID_FLAG (1 << 14) /* In */
+/*
+ * If set, all buffers are wiped after use. Used when sending
+ * or requesting sensitive data like crypt key.
+ */
+#define DM_SECURE_DATA_FLAG (1 << 15) /* In */
+
#endif /* _LINUX_DM_IOCTL_H */