On Wed, Sep 09, 2020 at 08:53:50PM +0100, Alex Dewar wrote: > In the file pci/sh_css_params.c, there are a number of places where > memset+kvfree is used, where kvfree_sensitive could be used instead. Fix > these occurrences. This doesn't say *why* the commit is doing it. There are two reasons: The worry with these is that the compiler could optimize away the memset because it sees the kfree(). Second using kvfree_sensitive() is more clear and readable. > > Issue identified with Coccinelle. > > Signed-off-by: Alex Dewar <alex.dewar90@xxxxxxxxx> > --- > .../staging/media/atomisp/pci/sh_css_params.c | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/drivers/staging/media/atomisp/pci/sh_css_params.c b/drivers/staging/media/atomisp/pci/sh_css_params.c > index 2c67c23b3700..d1b5d6608d52 100644 > --- a/drivers/staging/media/atomisp/pci/sh_css_params.c > +++ b/drivers/staging/media/atomisp/pci/sh_css_params.c > @@ -4378,8 +4378,7 @@ ia_css_3a_statistics_free(struct ia_css_3a_statistics *me) > if (me) { > kvfree(me->rgby_data); > kvfree(me->data); > - memset(me, 0, sizeof(struct ia_css_3a_statistics)); > - kvfree(me); > + kvfree_sensitive(me, sizeof(struct ia_css_3a_statistics)); I don't think ia_css_3a_statistics are sensitive at all. What we're trying to protect are things like passwords. Just delete the memset. Looking below, I don't think any of these are sensitive so just delete all the memsets. regards, dan carpenter