This is a note to let you know that I've just added the patch titled
platform/x86: think-lmi: Use kfree_sensitive instead of kfree
to the 6.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
platform-x86-think-lmi-use-kfree_sensitive-instead-o.patch
and it can be found in the queue-6.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 4ad9018ebe83c7126a887209db91d4471dc0165f
Author: Wang Ming <machel@xxxxxxxx>
Date: Mon Jul 17 18:11:02 2023 +0800
platform/x86: think-lmi: Use kfree_sensitive instead of kfree
[ Upstream commit 1da0893aed2e48e2bdf37c29b029f2e060d25927 ]
key might contain private part of the key, so better use
kfree_sensitive to free it.
Signed-off-by: Wang Ming <machel@xxxxxxxx>
Link: https://lore.kernel.org/r/20230717101114.18966-1-machel@xxxxxxxx
Reviewed-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
index e4047ee0a7546..63eca13fd882f 100644
--- a/drivers/platform/x86/think-lmi.c
+++ b/drivers/platform/x86/think-lmi.c
@@ -719,12 +719,12 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
/* Format: 'Password,Signature' */
auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature);
if (!auth_str) {
- kfree(passwd);
+ kfree_sensitive(passwd);
return -ENOMEM;
}
ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
kfree(auth_str);
- kfree(passwd);
+ kfree_sensitive(passwd);
return ret ?: count;
}
