On 2020-09-09 21:06, Dan Carpenter wrote:
On Wed, Sep 09, 2020 at 08:53:50PM +0100, Alex Dewar wrote:
In the file pci/sh_css_params.c, there are a number of places where
memset+kvfree is used, where kvfree_sensitive could be used instead. Fix
these occurrences.
This doesn't say *why* the commit is doing it. There are two reasons:
The worry with these is that the compiler could optimize away the memset
because it sees the kfree(). Second using kvfree_sensitive() is more
clear and readable.
Good point :)
Issue identified with Coccinelle.
Signed-off-by: Alex Dewar <alex.dewar90@xxxxxxxxx>
---
.../staging/media/atomisp/pci/sh_css_params.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/drivers/staging/media/atomisp/pci/sh_css_params.c b/drivers/staging/media/atomisp/pci/sh_css_params.c
index 2c67c23b3700..d1b5d6608d52 100644
--- a/drivers/staging/media/atomisp/pci/sh_css_params.c
+++ b/drivers/staging/media/atomisp/pci/sh_css_params.c
@@ -4378,8 +4378,7 @@ ia_css_3a_statistics_free(struct ia_css_3a_statistics *me)
if (me) {
kvfree(me->rgby_data);
kvfree(me->data);
- memset(me, 0, sizeof(struct ia_css_3a_statistics));
- kvfree(me);
+ kvfree_sensitive(me, sizeof(struct ia_css_3a_statistics));
I don't think ia_css_3a_statistics are sensitive at all. What we're
trying to protect are things like passwords. Just delete the memset.
Looking below, I don't think any of these are sensitive so just delete
all the memsets.
This makes sense. I'll send a new patch. Thanks for the feedback!
Alex
regards,
dan carpenter