Replace memzero_expliocit() and kfree() with kvfree_sensitive() to fix
warnings reported by Coccinelle
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
Signed-off-by: Jules Irenge <[email protected]>
---
Changes in v2:
- merges all patches that fixe same problem into one
drivers/s390/crypto/pkey_api.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index dccf664a3d95..e1dd7e0bdfd4 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1503,8 +1503,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
&ktp.protkey.len, &ktp.protkey.type);
pr_debug("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
- memzero_explicit(kkey, ktp.keylen);
- kfree(kkey);
+ kvfree_sensitive(kkey, ktp.keylen);
if (rc)
break;
if (copy_to_user(utp, &ktp, sizeof(ktp)))
@@ -1640,8 +1639,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
&ktp.protkey.type);
pr_debug("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
kfree(apqns);
- memzero_explicit(kkey, ktp.keylen);
- kfree(kkey);
+ kvfree_sensitive(kkey, ktp.keylen);
if (rc)
break;
if (copy_to_user(utp, &ktp, sizeof(ktp)))
@@ -1767,8 +1765,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
protkey, &protkeylen, &ktp.pkeytype);
pr_debug("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
kfree(apqns);
- memzero_explicit(kkey, ktp.keylen);
- kfree(kkey);
+ kvfree_sensitive(kkey, ktp.keylen);
if (rc) {
kfree(protkey);
break;
--
2.43.2
On 06/05/2024 19:21, Jules Irenge wrote:
> Replace memzero_expliocit() and kfree() with kvfree_sensitive() to fix
> warnings reported by Coccinelle
Thanks Jules for pointing that out. But instead of using kvfree_sensitive() I would recommend kfree_sensitive() here. We're not on a performance critical path so kfree_sensitive() would be in my opinion the better choice, because we don't need to take care about the right size.
> WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
> WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
> WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
>
> Signed-off-by: Jules Irenge <[email protected]>
> ---
> Changes in v2:
> - merges all patches that fixe same problem into one
>
> drivers/s390/crypto/pkey_api.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
> index dccf664a3d95..e1dd7e0bdfd4 100644
> --- a/drivers/s390/crypto/pkey_api.c
> +++ b/drivers/s390/crypto/pkey_api.c
> @@ -1503,8 +1503,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
> &ktp.protkey.len, &ktp.protkey.type);
> pr_debug("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
> - memzero_explicit(kkey, ktp.keylen);
> - kfree(kkey);
> + kvfree_sensitive(kkey, ktp.keylen);
kfree_sensitive(kkey);
> if (rc)
> break;
> if (copy_to_user(utp, &ktp, sizeof(ktp)))
> @@ -1640,8 +1639,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> &ktp.protkey.type);
> pr_debug("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
> kfree(apqns);
> - memzero_explicit(kkey, ktp.keylen);
> - kfree(kkey);
> + kvfree_sensitive(kkey, ktp.keylen);
kfree_sensitive(kkey);
> if (rc)
> break;
> if (copy_to_user(utp, &ktp, sizeof(ktp)))
> @@ -1767,8 +1765,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> protkey, &protkeylen, &ktp.pkeytype);
> pr_debug("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
> kfree(apqns);
> - memzero_explicit(kkey, ktp.keylen);
> - kfree(kkey);
> + kvfree_sensitive(kkey, ktp.keylen);
kfree_sensitive(kkey);
> if (rc) {
> kfree(protkey);
> break;
--
Mit freundlichen Grüßen / Kind regards
Holger Dengler
--
IBM Systems, Linux on IBM Z Development
[email protected]