[04/18] security/keys: use kvfree_sensitive()

Message ID	160751609699.1238376.10901466590541653794.stgit@warthog.procyon.org.uk (mailing list archive)
State	New
Headers	show Return-Path: <keyrings-owner@kernel.org> Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH 04/18] security/keys: use kvfree_sensitive() From: David Howells <dhowells@redhat.com> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: Denis Efremov <efremov@linux.com>, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 09 Dec 2020 12:14:57 +0000 Message-ID: <160751609699.1238376.10901466590541653794.stgit@warthog.procyon.org.uk> In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk> References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.23 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk
Series	keys: Miscellaneous fixes \| expand [00/18] keys: Miscellaneous fixes [01/18] security: keys: Fix fall-through warnings for Clang [02/18] keys: Remove outdated __user annotations [03/18] watch_queue: Drop references to /dev/watch_queue [04/18] security/keys: use kvfree_sensitive() [05/18] KEYS: asymmetric: Fix kerneldoc [06/18] security: keys: delete repeated words in comments [07/18] KEYS: remove redundant memset [08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h [09/18] encrypted-keys: Replace HTTP links with HTTPS ones [10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one [11/18] crypto: pkcs7: Use match_string() helper to simplify the code [12/18] keys: remove trailing semicolon in macro definition [13/18] crypto: public_key: Remove redundant header file from public_key.h [14/18] certs/blacklist: fix kernel doc interface issue [15/18] certs: Fix blacklisted hexadecimal hash string check [16/18] PKCS#7: Fix missing include [17/18] certs: Fix blacklist flag type confusion [18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Message ID

160751609699.1238376.10901466590541653794.stgit@warthog.procyon.org.uk (mailing list archive)

State

New

Headers

Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
Subject: [PATCH 04/18] security/keys: use kvfree_sensitive()
From: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Denis Efremov <efremov@linux.com>, dhowells@redhat.com,
        keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:14:57 +0000
Message-ID: 
 <160751609699.1238376.10901466590541653794.stgit@warthog.procyon.org.uk>
In-Reply-To: 
 <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
References: 
 <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
User-Agent: StGit/0.23
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

keys: Miscellaneous fixes | expand

Commit Message

David Howells Dec. 9, 2020, 12:14 p.m. UTC

From: Denis Efremov <efremov@linux.com>

Use kvfree_sensitive() instead of open-coding it.

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---

 security/keys/big_key.c |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 691347dea3c1..d17e5f09eeb8 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -121,8 +121,7 @@  int big_key_preparse(struct key_preparsed_payload *prep)
 		*path = file->f_path;
 		path_get(path);
 		fput(file);
-		memzero_explicit(buf, enclen);
-		kvfree(buf);
+		kvfree_sensitive(buf, enclen);
 	} else {
 		/* Just store the data in a buffer */
 		void *data = kmalloc(datalen, GFP_KERNEL);
@@ -140,8 +139,7 @@  int big_key_preparse(struct key_preparsed_payload *prep)
 err_enckey:
 	kfree_sensitive(enckey);
 error:
-	memzero_explicit(buf, enclen);
-	kvfree(buf);
+	kvfree_sensitive(buf, enclen);
 	return ret;
 }
 
@@ -273,8 +271,7 @@  long big_key_read(const struct key *key, char *buffer, size_t buflen)
 err_fput:
 		fput(file);
 error:
-		memzero_explicit(buf, enclen);
-		kvfree(buf);
+		kvfree_sensitive(buf, enclen);
 	} else {
 		ret = datalen;
 		memcpy(buffer, key->payload.data[big_key_data], datalen);

[04/18] security/keys: use kvfree_sensitive()

Commit Message

Patch