From 9379602caf6b27e4911062209b93d26ca0ea34dd Mon Sep 17 00:00:00 2001 From: "xianjun.liu" Date: Mon, 22 Jul 2019 18:02:10 +0800 Subject: [PATCH] MTD: reset some important buf before free the buf [1/1] PD#SWPL-11772 Problem: Inadequate clearing of keys/dtbs/env buf in memory Solution: clear the corresponding buf before free the buf Verify: AXG-S400 Change-Id: I61971c11a41c7062270a3863ae711c856d66f332 Signed-off-by: xianjun.liu --- drivers/amlogic/mtd/aml_key.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/amlogic/mtd/aml_key.c b/drivers/amlogic/mtd/aml_key.c index 199032805b40..ca0b462eff83 100644 --- a/drivers/amlogic/mtd/aml_key.c +++ b/drivers/amlogic/mtd/aml_key.c @@ -33,6 +33,7 @@ int32_t amlnf_key_read(uint8_t *buf, uint32_t len, uint32_t *actual_length) uint8_t *key_ptr = NULL; u32 keysize = 0; size_t offset = 0; + int error = 0; /*struct mtd_info *mtd = aml_chip->mtd;*/ if (aml_chip_key == NULL) { @@ -41,6 +42,12 @@ int32_t amlnf_key_read(uint8_t *buf, uint32_t len, uint32_t *actual_length) return -EFAULT; } + if (buf == NULL) { + pr_info("%s, %d: key buf is NULL, pls check!", + __func__, __LINE__); + return -EFAULT; + } + keysize = aml_chip->keysize - sizeof(u32); *actual_length = keysize; @@ -58,11 +65,17 @@ int32_t amlnf_key_read(uint8_t *buf, uint32_t len, uint32_t *actual_length) if (key_ptr == NULL) return -ENOMEM; - aml_nand_read_key(aml_chip->mtd, offset, key_ptr); + error = aml_nand_read_key(aml_chip->mtd, offset, key_ptr); + if (error) { + pr_info("%s, %d, read key failed\n", __func__, __LINE__); + goto exit; + } memcpy(buf, key_ptr, keysize); - + //reset the memory addr data + memzero_explicit(key_ptr, aml_chip->keysize); +exit: kfree(key_ptr); - return 0; + return error; } /* @@ -82,6 +95,12 @@ int32_t amlnf_key_write(uint8_t *buf, uint32_t len, uint32_t *actual_length) return -EFAULT; } + if (buf == NULL) { + pr_info("%s, %d: key buf is NULL, pls check!", + __func__, __LINE__); + return -EFAULT; + } + keysize = aml_chip->keysize - sizeof(u32); *actual_length = keysize; @@ -101,6 +120,8 @@ int32_t amlnf_key_write(uint8_t *buf, uint32_t len, uint32_t *actual_length) memset(key_ptr, 0, aml_chip->keysize); memcpy(key_ptr, buf, keysize); error = aml_nand_save_key(aml_chip->mtd, key_ptr); + //reset the memory addr data + memzero_explicit(key_ptr, aml_chip->keysize); kfree(key_ptr); return error;