This is a note to let you know that I've just added the patch titled platform/x86: think-lmi: Use kfree_sensitive instead of kfree to the 6.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: platform-x86-think-lmi-use-kfree_sensitive-instead-o.patch and it can be found in the queue-6.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 4ad9018ebe83c7126a887209db91d4471dc0165f Author: Wang Ming <machel@xxxxxxxx> Date: Mon Jul 17 18:11:02 2023 +0800 platform/x86: think-lmi: Use kfree_sensitive instead of kfree [ Upstream commit 1da0893aed2e48e2bdf37c29b029f2e060d25927 ] key might contain private part of the key, so better use kfree_sensitive to free it. Signed-off-by: Wang Ming <machel@xxxxxxxx> Link: https://lore.kernel.org/r/20230717101114.18966-1-machel@xxxxxxxx Reviewed-by: Hans de Goede <hdegoede@xxxxxxxxxx> Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c index e4047ee0a7546..63eca13fd882f 100644 --- a/drivers/platform/x86/think-lmi.c +++ b/drivers/platform/x86/think-lmi.c @@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj, /* Format: 'Password,Signature' */ auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature); if (!auth_str) { - kfree(passwd); + kfree_sensitive(passwd); return -ENOMEM; } ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str); kfree(auth_str); - kfree(passwd); + kfree_sensitive(passwd); return ret ?: count; }