[PATCH OLK-6.6] s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings - Kernel

6 Aug 2024

From: Jules Irenge jbi.octave@gmail.com
mainline inclusion
from mainline-v6.10-rc1
commit 22e6824622e8a8889df0f8fc4ed5aea0e702a694
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGSJP
CVE: CVE-2024-42158
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle:
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
Signed-off-by: Jules Irenge jbi.octave@gmail.com
Reviewed-by: Holger Dengler dengler@linux.ibm.com
Link: https://lore.kernel.org/r/ZjqZkNi_JUJu73Rg@octinomon.home
Signed-off-by: Heiko Carstens hca@linux.ibm.com
Signed-off-by: Alexander Gordeev agordeev@linux.ibm.com
Conflicts:
    drivers/s390/crypto/pkey_api.c
[commit 6d749b4e0208 ("s390/pkey: introduce dynamic debugging for pkey")
is not merged]
Signed-off-by: Zhang Changzhong zhangchangzhong@huawei.com
---
 drivers/s390/crypto/pkey_api.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 436de13..cfbed3a 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -1491,8 +1491,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    	rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey,
    			       &ktp.protkey.len, &ktp.protkey.type);
    	DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);
-		memzero_explicit(kkey, ktp.keylen);
-		kfree(kkey);
+		kfree_sensitive(kkey);
    	if (!rc && copy_to_user(utp, &ktp, sizeof(ktp)))
    		rc = -EFAULT;
    	memzero_explicit(&ktp, sizeof(ktp));
@@ -1627,8 +1626,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    				&ktp.protkey.type);
    	DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);
    	kfree(apqns);
-		memzero_explicit(kkey, ktp.keylen);
-		kfree(kkey);
+		kfree_sensitive(kkey);
    	if (!rc && copy_to_user(utp, &ktp, sizeof(ktp)))
    		rc = -EFAULT;
    	memzero_explicit(&ktp, sizeof(ktp));
@@ -1753,8 +1751,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
    				protkey, &protkeylen, &ktp.pkeytype);
    	DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);
    	kfree(apqns);
-		memzero_explicit(kkey, ktp.keylen);
-		kfree(kkey);
+		kfree_sensitive(kkey);
    	if (rc) {
    		kfree_sensitive(protkey);
    		break;
-- 
2.9.5


    