x86/sev: Replace memset(0) and kfree() with kfree_sensitive()

[PATCH] x86/sev: Replace memset(0) and kfree() with kfree_sensitive()

Posted by Thorsten Blum 3 months ago

Replace memset(0) followed by kfree() with kfree_sensitive() to improve
snp_msg_free() and silence the following Coccinelle/coccicheck warning
reported by kfree_sensitive.cocci:

  WARNING opportunity for kfree_sensitive/kvfree_sensitive

No functional changes intended.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/r/202501141317.IrSGK4Et-lkp@intel.com/
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 arch/x86/coco/sev/core.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index b6db4e0b936b..4bc8423cfd79 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1768,8 +1768,7 @@ void snp_msg_free(struct snp_msg_desc *mdesc)
 	free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg));
 	iounmap((__force void __iomem *)mdesc->secrets);
 
-	memset(mdesc, 0, sizeof(*mdesc));
-	kfree(mdesc);
+	kfree_sensitive(mdesc);
 }
 EXPORT_SYMBOL_GPL(snp_msg_free);
 
-- 
2.50.0

Re: [PATCH] x86/sev: Replace memset(0) and kfree() with kfree_sensitive()

Posted by Borislav Petkov 3 months ago

On Sun, Jul 06, 2025 at 11:28:44AM +0200, Thorsten Blum wrote:
> Replace memset(0) followed by kfree() with kfree_sensitive() to improve
> snp_msg_free()

Improve how?

> and silence the following Coccinelle/coccicheck warning
> reported by kfree_sensitive.cocci:

We don't do patches just to silence tools.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette