netfs: use kfree_sensitive() instend of kfree() in fscache_free_cookie()

[PATCH v1] netfs: use kfree_sensitive() instend of kfree() in fscache_free_cookie()

Posted by Minjie Du 1 year, 11 months ago

key might contain private information, so use kfree_sensitive to free it.
In fscache_free_cookie() use kfree_sensitive().

Signed-off-by: Minjie Du <duminjie@vivo.com>
---
 fs/netfs/fscache_cookie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/netfs/fscache_cookie.c b/fs/netfs/fscache_cookie.c
index bce2492186d0..5c917d87f281 100644
--- a/fs/netfs/fscache_cookie.c
+++ b/fs/netfs/fscache_cookie.c
@@ -74,7 +74,7 @@ static void fscache_free_cookie(struct fscache_cookie *cookie)
 	if (cookie->aux_len > sizeof(cookie->inline_aux))
 		kfree(cookie->aux);
 	if (cookie->key_len > sizeof(cookie->inline_key))
-		kfree(cookie->key);
+		kfree_sensitive(cookie->key);
 	fscache_stat_d(&fscache_n_cookies);
 	kmem_cache_free(fscache_cookie_jar, cookie);
 }
-- 
2.39.0

Re: [PATCH v1] netfs: use kfree_sensitive() instend of kfree() in fscache_free_cookie()

Posted by David Howells 1 year, 11 months ago

Minjie Du <duminjie@vivo.com> wrote:

>  linux-cachefs@redhat.com (moderated
>  list:FILESYSTEMS [NETFS LIBRARY]), linux-fsdevel@vger.kernel.org (open
>  list:FILESYSTEMS [NETFS LIBRARY]), linux-kernel@vger.kernel.org (open list)

In future, could you edit the comments out of the email addresses, please?

> key might contain private information, so use kfree_sensitive to free it.
> In fscache_free_cookie() use kfree_sensitive().

There's no real point.  These are written as filenames (possibly base64-ish
encoded) on disk by cachefiles and represent the information given to the
server to indicate the file (in afs, for example, that's cell name, volume
name, vnode number).

David