Re: [External] [PATCH v1] platform: x86: Use kfree_sensitive instead of kfree

[Mark Pearson <markpearson@xxxxxxxxxx>]

On 7/17/23 06:11, Wang Ming wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
>
> Signed-off-by: Wang Ming <machel@xxxxxxxx>
> ---
>   drivers/platform/x86/think-lmi.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
> index 52d1ce8dfe44..79346881cadb 100644
> --- a/drivers/platform/x86/think-lmi.c
> +++ b/drivers/platform/x86/think-lmi.c
> @@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
>   	/* Format: 'Password,Signature' */
>   	auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature);
>   	if (!auth_str) {
> -		kfree(passwd);
> +		kfree_sensitive(passwd);
>   		return -ENOMEM;
>   	}
>   	ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
>   	kfree(auth_str);
> -	kfree(passwd);
> +	kfree_sensitive(passwd);
>   
>   	return ret ?: count;
>   }

I wasn't aware of kfree_sensitive - looks good to me!

Thank you

Mark