platform: x86: Use kfree_sensitive instead of kfree

[PATCH v1] platform: x86: Use kfree_sensitive instead of kfree

Posted by Wang Ming 2 years, 6 months ago

key might contain private part of the key, so better use
kfree_sensitive to free it.

Signed-off-by: Wang Ming <machel@vivo.com>
---
 drivers/platform/x86/think-lmi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
index 52d1ce8dfe44..79346881cadb 100644
--- a/drivers/platform/x86/think-lmi.c
+++ b/drivers/platform/x86/think-lmi.c
@@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
 	/* Format: 'Password,Signature' */
 	auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature);
 	if (!auth_str) {
-		kfree(passwd);
+		kfree_sensitive(passwd);
 		return -ENOMEM;
 	}
 	ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
 	kfree(auth_str);
-	kfree(passwd);
+	kfree_sensitive(passwd);
 
 	return ret ?: count;
 }
-- 
2.25.1

Re: [PATCH v1] platform: x86: Use kfree_sensitive instead of kfree

Posted by Hans de Goede 2 years, 6 months ago

Hi,

On 7/17/23 12:11, Wang Ming wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
> 
> Signed-off-by: Wang Ming <machel@vivo.com>

Thank you for your patch, I've applied this patch to my fixes
branch:
https://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git/log/?h=fixes

Note it will show up in my fixes branch once I've pushed my
local branch there, which might take a while.

I will include this patch in my next fixes pull-req to Linus
for the current kernel development cycle.

Regards,

Hans



> ---
>  drivers/platform/x86/think-lmi.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
> index 52d1ce8dfe44..79346881cadb 100644
> --- a/drivers/platform/x86/think-lmi.c
> +++ b/drivers/platform/x86/think-lmi.c
> @@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
>  	/* Format: 'Password,Signature' */
>  	auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature);
>  	if (!auth_str) {
> -		kfree(passwd);
> +		kfree_sensitive(passwd);
>  		return -ENOMEM;
>  	}
>  	ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
>  	kfree(auth_str);
> -	kfree(passwd);
> +	kfree_sensitive(passwd);
>  
>  	return ret ?: count;
>  }

Re: [External] [PATCH v1] platform: x86: Use kfree_sensitive instead of kfree

Posted by Mark Pearson 2 years, 6 months ago

On 7/17/23 06:11, Wang Ming wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
>
> Signed-off-by: Wang Ming <machel@vivo.com>
> ---
>   drivers/platform/x86/think-lmi.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
> index 52d1ce8dfe44..79346881cadb 100644
> --- a/drivers/platform/x86/think-lmi.c
> +++ b/drivers/platform/x86/think-lmi.c
> @@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
>   	/* Format: 'Password,Signature' */
>   	auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature);
>   	if (!auth_str) {
> -		kfree(passwd);
> +		kfree_sensitive(passwd);
>   		return -ENOMEM;
>   	}
>   	ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
>   	kfree(auth_str);
> -	kfree(passwd);
> +	kfree_sensitive(passwd);
>   
>   	return ret ?: count;
>   }

I wasn't aware of kfree_sensitive - looks good to me!

Thank you

Mark