tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
mm, treewide: rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
something. The "zero" part of the interface isn't even _relevant_.
The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.
Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.
The renaming is done by using the command sequence:
git grep -w --name-only kzfree |\
xargs sed -i 's/kzfree/kfree_sensitive/'
followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.
[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
authored by
Waiman Long
and committed by
Linus Torvalds
453431a5
57c720d4
+323
-320
+2
-2
arch/s390/crypto/prng.c
+2
-2
arch/s390/crypto/prng.c
···
249
249
{
250
250
pr_debug("The prng module stopped "
251
251
"after running in triple DES mode\n");
252
-
kzfree(prng_data);
252
+
kfree_sensitive(prng_data);
253
253
}
254
254
255
255
···
442
442
static void prng_sha512_deinstantiate(void)
443
443
{
444
444
pr_debug("The prng module stopped after running in SHA-512 mode\n");
445
-
kzfree(prng_data);
445
+
kfree_sensitive(prng_data);
446
446
}
447
447
448
448
+1
-1
arch/x86/power/hibernate.c
+1
-1
arch/x86/power/hibernate.c
+1
-1
crypto/adiantum.c
+1
-1
crypto/adiantum.c
+2
-2
crypto/ahash.c
+2
-2
crypto/ahash.c
···
183
183
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
184
184
memcpy(alignbuffer, key, keylen);
185
185
ret = tfm->setkey(tfm, alignbuffer, keylen);
186
-
kzfree(buffer);
186
+
kfree_sensitive(buffer);
187
187
return ret;
188
188
}
189
189
···
302
302
req->priv = NULL;
303
303
304
304
/* Free the req->priv.priv from the ADJUSTED request. */
305
-
kzfree(priv);
305
+
kfree_sensitive(priv);
306
306
}
307
307
308
308
static void ahash_notify_einprogress(struct ahash_request *req)
+1
-1
crypto/api.c
+1
-1
crypto/api.c
+2
-2
crypto/asymmetric_keys/verify_pefile.c
+2
-2
crypto/asymmetric_keys/verify_pefile.c
···
376
376
}
377
377
378
378
error:
379
-
kzfree(desc);
379
+
kfree_sensitive(desc);
380
380
error_no_desc:
381
381
crypto_free_shash(tfm);
382
382
kleave(" = %d", ret);
···
447
447
ret = pefile_digest_pe(pebuf, pelen, &ctx);
448
448
449
449
error:
450
-
kzfree(ctx.digest);
450
+
kfree_sensitive(ctx.digest);
451
451
return ret;
452
452
}
+1
-1
crypto/deflate.c
+1
-1
crypto/deflate.c
+5
-5
crypto/drbg.c
+5
-5
crypto/drbg.c
···
1218
1218
{
1219
1219
if (!drbg)
1220
1220
return;
1221
-
kzfree(drbg->Vbuf);
1221
+
kfree_sensitive(drbg->Vbuf);
1222
1222
drbg->Vbuf = NULL;
1223
1223
drbg->V = NULL;
1224
-
kzfree(drbg->Cbuf);
1224
+
kfree_sensitive(drbg->Cbuf);
1225
1225
drbg->Cbuf = NULL;
1226
1226
drbg->C = NULL;
1227
-
kzfree(drbg->scratchpadbuf);
1227
+
kfree_sensitive(drbg->scratchpadbuf);
1228
1228
drbg->scratchpadbuf = NULL;
1229
1229
drbg->reseed_ctr = 0;
1230
1230
drbg->d_ops = NULL;
1231
1231
drbg->core = NULL;
1232
1232
if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
1233
-
kzfree(drbg->prev);
1233
+
kfree_sensitive(drbg->prev);
1234
1234
drbg->prev = NULL;
1235
1235
drbg->fips_primed = false;
1236
1236
}
···
1701
1701
struct sdesc *sdesc = (struct sdesc *)drbg->priv_data;
1702
1702
if (sdesc) {
1703
1703
crypto_free_shash(sdesc->shash.tfm);
1704
-
kzfree(sdesc);
1704
+
kfree_sensitive(sdesc);
1705
1705
}
1706
1706
drbg->priv_data = NULL;
1707
1707
return 0;
+4
-4
crypto/ecc.c
+4
-4
crypto/ecc.c
···
67
67
68
68
static void ecc_free_digits_space(u64 *space)
69
69
{
70
-
kzfree(space);
70
+
kfree_sensitive(space);
71
71
}
72
72
73
73
static struct ecc_point *ecc_alloc_point(unsigned int ndigits)
···
101
101
if (!p)
102
102
return;
103
103
104
-
kzfree(p->x);
105
-
kzfree(p->y);
106
-
kzfree(p);
104
+
kfree_sensitive(p->x);
105
+
kfree_sensitive(p->y);
106
+
kfree_sensitive(p);
107
107
}
108
108
109
109
static void vli_clear(u64 *vli, unsigned int ndigits)
+1
-1
crypto/ecdh.c
+1
-1
crypto/ecdh.c
+1
-1
crypto/gcm.c
+1
-1
crypto/gcm.c
+2
-2
crypto/gf128mul.c
+2
-2
crypto/gf128mul.c
+1
-1
crypto/jitterentropy-kcapi.c
+1
-1
crypto/jitterentropy-kcapi.c
+1
-1
crypto/rng.c
+1
-1
crypto/rng.c
+3
-3
crypto/rsa-pkcs1pad.c
+3
-3
crypto/rsa-pkcs1pad.c
···
199
199
sg_copy_from_buffer(req->dst,
200
200
sg_nents_for_len(req->dst, ctx->key_size),
201
201
out_buf, ctx->key_size);
202
-
kzfree(out_buf);
202
+
kfree_sensitive(out_buf);
203
203
204
204
out:
205
205
req->dst_len = ctx->key_size;
···
322
322
out_buf + pos, req->dst_len);
323
323
324
324
done:
325
-
kzfree(req_ctx->out_buf);
325
+
kfree_sensitive(req_ctx->out_buf);
326
326
327
327
return err;
328
328
}
···
500
500
req->dst_len) != 0)
501
501
err = -EKEYREJECTED;
502
502
done:
503
-
kzfree(req_ctx->out_buf);
503
+
kfree_sensitive(req_ctx->out_buf);
504
504
505
505
return err;
506
506
}
+1
-1
crypto/seqiv.c
+1
-1
crypto/seqiv.c
+1
-1
crypto/shash.c
+1
-1
crypto/shash.c
+1
-1
crypto/skcipher.c
+1
-1
crypto/skcipher.c
+3
-3
crypto/testmgr.c
+3
-3
crypto/testmgr.c
···
1744
1744
kfree(vec.plaintext);
1745
1745
kfree(vec.digest);
1746
1746
crypto_free_shash(generic_tfm);
1747
-
kzfree(generic_desc);
1747
+
kfree_sensitive(generic_desc);
1748
1748
return err;
1749
1749
}
1750
1750
#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
···
3665
3665
if (IS_ERR(drng)) {
3666
3666
printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
3667
3667
"%s\n", driver);
3668
-
kzfree(buf);
3668
+
kfree_sensitive(buf);
3669
3669
return -ENOMEM;
3670
3670
}
3671
3671
···
3712
3712
3713
3713
outbuf:
3714
3714
crypto_free_rng(drng);
3715
-
kzfree(buf);
3715
+
kfree_sensitive(buf);
3716
3716
return ret;
3717
3717
}
3718
3718
+1
-1
crypto/zstd.c
+1
-1
crypto/zstd.c
+1
-1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
+1
-1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
+1
-1
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
+1
-1
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
+2
-2
drivers/crypto/amlogic/amlogic-gxl-cipher.c
+2
-2
drivers/crypto/amlogic/amlogic-gxl-cipher.c
+1
-1
drivers/crypto/atmel-ecc.c
+1
-1
drivers/crypto/atmel-ecc.c
+14
-14
drivers/crypto/caam/caampkc.c
+14
-14
drivers/crypto/caam/caampkc.c
···
854
854
855
855
static void caam_rsa_free_key(struct caam_rsa_key *key)
856
856
{
857
-
kzfree(key->d);
858
-
kzfree(key->p);
859
-
kzfree(key->q);
860
-
kzfree(key->dp);
861
-
kzfree(key->dq);
862
-
kzfree(key->qinv);
863
-
kzfree(key->tmp1);
864
-
kzfree(key->tmp2);
857
+
kfree_sensitive(key->d);
858
+
kfree_sensitive(key->p);
859
+
kfree_sensitive(key->q);
860
+
kfree_sensitive(key->dp);
861
+
kfree_sensitive(key->dq);
862
+
kfree_sensitive(key->qinv);
863
+
kfree_sensitive(key->tmp1);
864
+
kfree_sensitive(key->tmp2);
865
865
kfree(key->e);
866
866
kfree(key->n);
867
867
memset(key, 0, sizeof(*key));
···
1018
1018
return;
1019
1019
1020
1020
free_dq:
1021
-
kzfree(rsa_key->dq);
1021
+
kfree_sensitive(rsa_key->dq);
1022
1022
free_dp:
1023
-
kzfree(rsa_key->dp);
1023
+
kfree_sensitive(rsa_key->dp);
1024
1024
free_tmp2:
1025
-
kzfree(rsa_key->tmp2);
1025
+
kfree_sensitive(rsa_key->tmp2);
1026
1026
free_tmp1:
1027
-
kzfree(rsa_key->tmp1);
1027
+
kfree_sensitive(rsa_key->tmp1);
1028
1028
free_q:
1029
-
kzfree(rsa_key->q);
1029
+
kfree_sensitive(rsa_key->q);
1030
1030
free_p:
1031
-
kzfree(rsa_key->p);
1031
+
kfree_sensitive(rsa_key->p);
1032
1032
}
1033
1033
1034
1034
static int caam_rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
+3
-3
drivers/crypto/cavium/cpt/cptvf_main.c
+3
-3
drivers/crypto/cavium/cpt/cptvf_main.c
···
74
74
for (i = 0; i < cptvf->nr_queues; i++)
75
75
tasklet_kill(&cwqe_info->vq_wqe[i].twork);
76
76
77
-
kzfree(cwqe_info);
77
+
kfree_sensitive(cwqe_info);
78
78
cptvf->wqe_info = NULL;
79
79
}
80
80
···
88
88
continue;
89
89
90
90
/* free single queue */
91
-
kzfree((queue->head));
91
+
kfree_sensitive((queue->head));
92
92
93
93
queue->front = 0;
94
94
queue->rear = 0;
···
189
189
chunk->head = NULL;
190
190
chunk->dma_addr = 0;
191
191
hlist_del(&chunk->nextchunk);
192
-
kzfree(chunk);
192
+
kfree_sensitive(chunk);
193
193
}
194
194
195
195
queue->nchunks = 0;
+6
-6
drivers/crypto/cavium/cpt/cptvf_reqmanager.c
+6
-6
drivers/crypto/cavium/cpt/cptvf_reqmanager.c
···
305
305
}
306
306
}
307
307
308
-
kzfree(info->scatter_components);
309
-
kzfree(info->gather_components);
310
-
kzfree(info->out_buffer);
311
-
kzfree(info->in_buffer);
312
-
kzfree((void *)info->completion_addr);
313
-
kzfree(info);
308
+
kfree_sensitive(info->scatter_components);
309
+
kfree_sensitive(info->gather_components);
310
+
kfree_sensitive(info->out_buffer);
311
+
kfree_sensitive(info->in_buffer);
312
+
kfree_sensitive((void *)info->completion_addr);
313
+
kfree_sensitive(info);
314
314
}
315
315
316
316
static void do_post_process(struct cpt_vf *cptvf, struct cpt_info_buffer *info)
+2
-2
drivers/crypto/cavium/nitrox/nitrox_lib.c
+2
-2
drivers/crypto/cavium/nitrox/nitrox_lib.c
···
90
90
91
91
for (i = 0; i < ndev->nr_queues; i++) {
92
92
nitrox_cmdq_cleanup(ndev->aqmq[i]);
93
-
kzfree(ndev->aqmq[i]);
93
+
kfree_sensitive(ndev->aqmq[i]);
94
94
ndev->aqmq[i] = NULL;
95
95
}
96
96
}
···
122
122
123
123
err = nitrox_cmdq_init(cmdq, AQM_Q_ALIGN_BYTES);
124
124
if (err) {
125
-
kzfree(cmdq);
125
+
kfree_sensitive(cmdq);
126
126
goto aqmq_fail;
127
127
}
128
128
ndev->aqmq[i] = cmdq;
+3
-3
drivers/crypto/cavium/zip/zip_crypto.c
+3
-3
drivers/crypto/cavium/zip/zip_crypto.c
···
260
260
ret = zip_ctx_init(zip_ctx, 0);
261
261
262
262
if (ret) {
263
-
kzfree(zip_ctx);
263
+
kfree_sensitive(zip_ctx);
264
264
return ERR_PTR(ret);
265
265
}
266
266
···
279
279
ret = zip_ctx_init(zip_ctx, 1);
280
280
281
281
if (ret) {
282
-
kzfree(zip_ctx);
282
+
kfree_sensitive(zip_ctx);
283
283
return ERR_PTR(ret);
284
284
}
285
285
···
291
291
struct zip_kernel_ctx *zip_ctx = ctx;
292
292
293
293
zip_ctx_exit(zip_ctx);
294
-
kzfree(zip_ctx);
294
+
kfree_sensitive(zip_ctx);
295
295
}
296
296
297
297
int zip_scomp_compress(struct crypto_scomp *tfm,
+3
-3
drivers/crypto/ccp/ccp-crypto-rsa.c
+3
-3
drivers/crypto/ccp/ccp-crypto-rsa.c
···
112
112
static void ccp_rsa_free_key_bufs(struct ccp_ctx *ctx)
113
113
{
114
114
/* Clean up old key data */
115
-
kzfree(ctx->u.rsa.e_buf);
115
+
kfree_sensitive(ctx->u.rsa.e_buf);
116
116
ctx->u.rsa.e_buf = NULL;
117
117
ctx->u.rsa.e_len = 0;
118
-
kzfree(ctx->u.rsa.n_buf);
118
+
kfree_sensitive(ctx->u.rsa.n_buf);
119
119
ctx->u.rsa.n_buf = NULL;
120
120
ctx->u.rsa.n_len = 0;
121
-
kzfree(ctx->u.rsa.d_buf);
121
+
kfree_sensitive(ctx->u.rsa.d_buf);
122
122
ctx->u.rsa.d_buf = NULL;
123
123
ctx->u.rsa.d_len = 0;
124
124
}
+2
-2
drivers/crypto/ccree/cc_aead.c
+2
-2
drivers/crypto/ccree/cc_aead.c
···
448
448
if (dma_mapping_error(dev, key_dma_addr)) {
449
449
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
450
450
key, keylen);
451
-
kzfree(key);
451
+
kfree_sensitive(key);
452
452
return -ENOMEM;
453
453
}
454
454
if (keylen > blocksize) {
···
533
533
if (key_dma_addr)
534
534
dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE);
535
535
536
-
kzfree(key);
536
+
kfree_sensitive(key);
537
537
538
538
return rc;
539
539
}
+2
-2
drivers/crypto/ccree/cc_buffer_mgr.c
+2
-2
drivers/crypto/ccree/cc_buffer_mgr.c
···
488
488
if (areq_ctx->gen_ctx.iv_dma_addr) {
489
489
dma_unmap_single(dev, areq_ctx->gen_ctx.iv_dma_addr,
490
490
hw_iv_size, DMA_BIDIRECTIONAL);
491
-
kzfree(areq_ctx->gen_ctx.iv);
491
+
kfree_sensitive(areq_ctx->gen_ctx.iv);
492
492
}
493
493
494
494
/* Release pool */
···
559
559
if (dma_mapping_error(dev, areq_ctx->gen_ctx.iv_dma_addr)) {
560
560
dev_err(dev, "Mapping iv %u B at va=%pK for DMA failed\n",
561
561
hw_iv_size, req->iv);
562
-
kzfree(areq_ctx->gen_ctx.iv);
562
+
kfree_sensitive(areq_ctx->gen_ctx.iv);
563
563
areq_ctx->gen_ctx.iv = NULL;
564
564
rc = -ENOMEM;
565
565
goto chain_iv_exit;
+3
-3
drivers/crypto/ccree/cc_cipher.c
+3
-3
drivers/crypto/ccree/cc_cipher.c
···
257
257
&ctx_p->user.key_dma_addr);
258
258
259
259
/* Free key buffer in context */
260
-
kzfree(ctx_p->user.key);
260
+
kfree_sensitive(ctx_p->user.key);
261
261
dev_dbg(dev, "Free key buffer in context. key=@%p\n", ctx_p->user.key);
262
262
}
263
263
···
881
881
/* Not a BACKLOG notification */
882
882
cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst);
883
883
memcpy(req->iv, req_ctx->iv, ivsize);
884
-
kzfree(req_ctx->iv);
884
+
kfree_sensitive(req_ctx->iv);
885
885
}
886
886
887
887
skcipher_request_complete(req, err);
···
994
994
995
995
exit_process:
996
996
if (rc != -EINPROGRESS && rc != -EBUSY) {
997
-
kzfree(req_ctx->iv);
997
+
kfree_sensitive(req_ctx->iv);
998
998
}
999
999
1000
1000
return rc;
+4
-4
drivers/crypto/ccree/cc_hash.c
+4
-4
drivers/crypto/ccree/cc_hash.c
···
764
764
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
765
765
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
766
766
ctx->key_params.key, keylen);
767
-
kzfree(ctx->key_params.key);
767
+
kfree_sensitive(ctx->key_params.key);
768
768
return -ENOMEM;
769
769
}
770
770
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
···
913
913
&ctx->key_params.key_dma_addr, ctx->key_params.keylen);
914
914
}
915
915
916
-
kzfree(ctx->key_params.key);
916
+
kfree_sensitive(ctx->key_params.key);
917
917
918
918
return rc;
919
919
}
···
950
950
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
951
951
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
952
952
key, keylen);
953
-
kzfree(ctx->key_params.key);
953
+
kfree_sensitive(ctx->key_params.key);
954
954
return -ENOMEM;
955
955
}
956
956
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
···
999
999
dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
1000
1000
&ctx->key_params.key_dma_addr, ctx->key_params.keylen);
1001
1001
1002
-
kzfree(ctx->key_params.key);
1002
+
kfree_sensitive(ctx->key_params.key);
1003
1003
1004
1004
return rc;
1005
1005
}
+1
-1
drivers/crypto/ccree/cc_request_mgr.c
+1
-1
drivers/crypto/ccree/cc_request_mgr.c
+1
-1
drivers/crypto/marvell/cesa/hash.c
+1
-1
drivers/crypto/marvell/cesa/hash.c
+3
-3
drivers/crypto/marvell/octeontx/otx_cptvf_main.c
+3
-3
drivers/crypto/marvell/octeontx/otx_cptvf_main.c
···
68
68
for (i = 0; i < cptvf->num_queues; i++)
69
69
tasklet_kill(&cwqe_info->vq_wqe[i].twork);
70
70
71
-
kzfree(cwqe_info);
71
+
kfree_sensitive(cwqe_info);
72
72
cptvf->wqe_info = NULL;
73
73
}
74
74
···
82
82
continue;
83
83
84
84
/* free single queue */
85
-
kzfree((queue->head));
85
+
kfree_sensitive((queue->head));
86
86
queue->front = 0;
87
87
queue->rear = 0;
88
88
queue->qlen = 0;
···
176
176
chunk->head = NULL;
177
177
chunk->dma_addr = 0;
178
178
list_del(&chunk->nextchunk);
179
-
kzfree(chunk);
179
+
kfree_sensitive(chunk);
180
180
}
181
181
queue->num_chunks = 0;
182
182
queue->idx = 0;
+1
-1
drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h
+1
-1
drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h
+2
-2
drivers/crypto/nx/nx.c
+2
-2
drivers/crypto/nx/nx.c
···
746
746
{
747
747
struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(tfm);
748
748
749
-
kzfree(nx_ctx->kmem);
749
+
kfree_sensitive(nx_ctx->kmem);
750
750
nx_ctx->csbcpb = NULL;
751
751
nx_ctx->csbcpb_aead = NULL;
752
752
nx_ctx->in_sg = NULL;
···
762
762
{
763
763
struct nx_crypto_ctx *nx_ctx = crypto_aead_ctx(tfm);
764
764
765
-
kzfree(nx_ctx->kmem);
765
+
kfree_sensitive(nx_ctx->kmem);
766
766
}
767
767
768
768
static int nx_probe(struct vio_dev *viodev, const struct vio_device_id *id)
+6
-6
drivers/crypto/virtio/virtio_crypto_algs.c
+6
-6
drivers/crypto/virtio/virtio_crypto_algs.c
···
167
167
num_in, vcrypto, GFP_ATOMIC);
168
168
if (err < 0) {
169
169
spin_unlock(&vcrypto->ctrl_lock);
170
-
kzfree(cipher_key);
170
+
kfree_sensitive(cipher_key);
171
171
return err;
172
172
}
173
173
virtqueue_kick(vcrypto->ctrl_vq);
···
184
184
spin_unlock(&vcrypto->ctrl_lock);
185
185
pr_err("virtio_crypto: Create session failed status: %u\n",
186
186
le32_to_cpu(vcrypto->input.status));
187
-
kzfree(cipher_key);
187
+
kfree_sensitive(cipher_key);
188
188
return -EINVAL;
189
189
}
190
190
···
197
197
198
198
spin_unlock(&vcrypto->ctrl_lock);
199
199
200
-
kzfree(cipher_key);
200
+
kfree_sensitive(cipher_key);
201
201
return 0;
202
202
}
203
203
···
472
472
return 0;
473
473
474
474
free_iv:
475
-
kzfree(iv);
475
+
kfree_sensitive(iv);
476
476
free:
477
-
kzfree(req_data);
477
+
kfree_sensitive(req_data);
478
478
kfree(sgs);
479
479
return err;
480
480
}
···
583
583
scatterwalk_map_and_copy(req->iv, req->dst,
584
584
req->cryptlen - AES_BLOCK_SIZE,
585
585
AES_BLOCK_SIZE, 0);
586
-
kzfree(vc_sym_req->iv);
586
+
kfree_sensitive(vc_sym_req->iv);
587
587
virtcrypto_clear_request(&vc_sym_req->base);
588
588
589
589
crypto_finalize_skcipher_request(vc_sym_req->base.dataq->engine,
+1
-1
drivers/crypto/virtio/virtio_crypto_core.c
+1
-1
drivers/crypto/virtio/virtio_crypto_core.c
+16
-16
drivers/md/dm-crypt.c
+16
-16
drivers/md/dm-crypt.c
···
407
407
crypto_free_shash(lmk->hash_tfm);
408
408
lmk->hash_tfm = NULL;
409
409
410
-
kzfree(lmk->seed);
410
+
kfree_sensitive(lmk->seed);
411
411
lmk->seed = NULL;
412
412
}
413
413
···
558
558
{
559
559
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
560
560
561
-
kzfree(tcw->iv_seed);
561
+
kfree_sensitive(tcw->iv_seed);
562
562
tcw->iv_seed = NULL;
563
-
kzfree(tcw->whitening);
563
+
kfree_sensitive(tcw->whitening);
564
564
tcw->whitening = NULL;
565
565
566
566
if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm))
···
994
994
995
995
kunmap_atomic(data);
996
996
out:
997
-
kzfree(ks);
998
-
kzfree(es);
997
+
kfree_sensitive(ks);
998
+
kfree_sensitive(es);
999
999
skcipher_request_free(req);
1000
1000
return r;
1001
1001
}
···
2294
2294
2295
2295
key = request_key(type, key_desc + 1, NULL);
2296
2296
if (IS_ERR(key)) {
2297
-
kzfree(new_key_string);
2297
+
kfree_sensitive(new_key_string);
2298
2298
return PTR_ERR(key);
2299
2299
}
2300
2300
···
2304
2304
if (ret < 0) {
2305
2305
up_read(&key->sem);
2306
2306
key_put(key);
2307
-
kzfree(new_key_string);
2307
+
kfree_sensitive(new_key_string);
2308
2308
return ret;
2309
2309
}
2310
2310
···
2318
2318
2319
2319
if (!ret) {
2320
2320
set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
2321
-
kzfree(cc->key_string);
2321
+
kfree_sensitive(cc->key_string);
2322
2322
cc->key_string = new_key_string;
2323
2323
} else
2324
-
kzfree(new_key_string);
2324
+
kfree_sensitive(new_key_string);
2325
2325
2326
2326
return ret;
2327
2327
}
···
2382
2382
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
2383
2383
2384
2384
/* wipe references to any kernel keyring key */
2385
-
kzfree(cc->key_string);
2385
+
kfree_sensitive(cc->key_string);
2386
2386
cc->key_string = NULL;
2387
2387
2388
2388
/* Decode key from its hex representation. */
···
2414
2414
return r;
2415
2415
}
2416
2416
2417
-
kzfree(cc->key_string);
2417
+
kfree_sensitive(cc->key_string);
2418
2418
cc->key_string = NULL;
2419
2419
r = crypt_setkey(cc);
2420
2420
memset(&cc->key, 0, cc->key_size * sizeof(u8));
···
2493
2493
if (cc->dev)
2494
2494
dm_put_device(ti, cc->dev);
2495
2495
2496
-
kzfree(cc->cipher_string);
2497
-
kzfree(cc->key_string);
2498
-
kzfree(cc->cipher_auth);
2499
-
kzfree(cc->authenc_key);
2496
+
kfree_sensitive(cc->cipher_string);
2497
+
kfree_sensitive(cc->key_string);
2498
+
kfree_sensitive(cc->cipher_auth);
2499
+
kfree_sensitive(cc->authenc_key);
2500
2500
2501
2501
mutex_destroy(&cc->bio_alloc_lock);
2502
2502
2503
2503
/* Must zero key material before freeing */
2504
-
kzfree(cc);
2504
+
kfree_sensitive(cc);
2505
2505
2506
2506
spin_lock(&dm_crypt_clients_lock);
2507
2507
WARN_ON(!dm_crypt_clients_n);
+3
-3
drivers/md/dm-integrity.c
+3
-3
drivers/md/dm-integrity.c
···
3405
3405
3406
3406
static void free_alg(struct alg_spec *a)
3407
3407
{
3408
-
kzfree(a->alg_string);
3409
-
kzfree(a->key);
3408
+
kfree_sensitive(a->alg_string);
3409
+
kfree_sensitive(a->key);
3410
3410
memset(a, 0, sizeof *a);
3411
3411
}
3412
3412
···
4337
4337
for (i = 0; i < ic->journal_sections; i++) {
4338
4338
struct skcipher_request *req = ic->sk_requests[i];
4339
4339
if (req) {
4340
-
kzfree(req->iv);
4340
+
kfree_sensitive(req->iv);
4341
4341
skcipher_request_free(req);
4342
4342
}
4343
4343
}
+3
-3
drivers/misc/ibmvmc.c
+3
-3
drivers/misc/ibmvmc.c
···
286
286
287
287
if (dma_mapping_error(&vdev->dev, *dma_handle)) {
288
288
*dma_handle = 0;
289
-
kzfree(buffer);
289
+
kfree_sensitive(buffer);
290
290
return NULL;
291
291
}
292
292
···
310
310
dma_unmap_single(&vdev->dev, dma_handle, size, DMA_BIDIRECTIONAL);
311
311
312
312
/* deallocate memory */
313
-
kzfree(vaddr);
313
+
kfree_sensitive(vaddr);
314
314
}
315
315
316
316
/**
···
883
883
spin_unlock_irqrestore(&hmc->lock, flags);
884
884
}
885
885
886
-
kzfree(session);
886
+
kfree_sensitive(session);
887
887
888
888
return rc;
889
889
}
+1
-1
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c
+1
-1
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c
+3
-3
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+3
-3
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
···
960
960
return 0;
961
961
962
962
err_aead:
963
-
kzfree(xs->aead);
963
+
kfree_sensitive(xs->aead);
964
964
err_xs:
965
-
kzfree(xs);
965
+
kfree_sensitive(xs);
966
966
err_out:
967
967
msgbuf[1] = err;
968
968
return err;
···
1047
1047
ixgbe_ipsec_del_sa(xs);
1048
1048
1049
1049
/* remove the xs that was made-up in the add request */
1050
-
kzfree(xs);
1050
+
kfree_sensitive(xs);
1051
1051
1052
1052
return 0;
1053
1053
}
+3
-3
drivers/net/ppp/ppp_mppe.c
+3
-3
drivers/net/ppp/ppp_mppe.c
···
222
222
kfree(state->sha1_digest);
223
223
if (state->sha1) {
224
224
crypto_free_shash(state->sha1->tfm);
225
-
kzfree(state->sha1);
225
+
kfree_sensitive(state->sha1);
226
226
}
227
227
kfree(state);
228
228
out:
···
238
238
if (state) {
239
239
kfree(state->sha1_digest);
240
240
crypto_free_shash(state->sha1->tfm);
241
-
kzfree(state->sha1);
242
-
kzfree(state);
241
+
kfree_sensitive(state->sha1);
242
+
kfree_sensitive(state);
243
243
}
244
244
}
245
245
+2
-2
drivers/net/wireguard/noise.c
+2
-2
drivers/net/wireguard/noise.c
···
114
114
115
115
static void keypair_free_rcu(struct rcu_head *rcu)
116
116
{
117
-
kzfree(container_of(rcu, struct noise_keypair, rcu));
117
+
kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
118
118
}
119
119
120
120
static void keypair_free_kref(struct kref *kref)
···
821
821
handshake->entry.peer->device->index_hashtable,
822
822
&handshake->entry, &new_keypair->entry);
823
823
} else {
824
-
kzfree(new_keypair);
824
+
kfree_sensitive(new_keypair);
825
825
}
826
826
rcu_read_unlock_bh();
827
827
+1
-1
drivers/net/wireguard/peer.c
+1
-1
drivers/net/wireguard/peer.c
+1
-1
drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+1
-1
drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+3
-3
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
+3
-3
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
···
1026
1026
BUILD_BUG_ON(IWL_TFH_NUM_TBS > sizeof(out_meta->tbs) * BITS_PER_BYTE);
1027
1027
out_meta->flags = cmd->flags;
1028
1028
if (WARN_ON_ONCE(txq->entries[idx].free_buf))
1029
-
kzfree(txq->entries[idx].free_buf);
1029
+
kfree_sensitive(txq->entries[idx].free_buf);
1030
1030
txq->entries[idx].free_buf = dup_buf;
1031
1031
1032
1032
trace_iwlwifi_dev_hcmd(trans->dev, cmd, cmd_size, &out_cmd->hdr_wide);
···
1257
1257
/* De-alloc array of command/tx buffers */
1258
1258
if (txq_id == trans->txqs.cmd.q_id)
1259
1259
for (i = 0; i < txq->n_window; i++) {
1260
-
kzfree(txq->entries[i].cmd);
1261
-
kzfree(txq->entries[i].free_buf);
1260
+
kfree_sensitive(txq->entries[i].cmd);
1261
+
kfree_sensitive(txq->entries[i].free_buf);
1262
1262
}
1263
1263
del_timer_sync(&txq->stuck_timer);
1264
1264
+3
-3
drivers/net/wireless/intel/iwlwifi/pcie/tx.c
+3
-3
drivers/net/wireless/intel/iwlwifi/pcie/tx.c
···
721
721
/* De-alloc array of command/tx buffers */
722
722
if (txq_id == trans->txqs.cmd.q_id)
723
723
for (i = 0; i < txq->n_window; i++) {
724
-
kzfree(txq->entries[i].cmd);
725
-
kzfree(txq->entries[i].free_buf);
724
+
kfree_sensitive(txq->entries[i].cmd);
725
+
kfree_sensitive(txq->entries[i].free_buf);
726
726
}
727
727
728
728
/* De-alloc circular buffer of TFDs */
···
1765
1765
BUILD_BUG_ON(IWL_TFH_NUM_TBS > sizeof(out_meta->tbs) * BITS_PER_BYTE);
1766
1766
out_meta->flags = cmd->flags;
1767
1767
if (WARN_ON_ONCE(txq->entries[idx].free_buf))
1768
-
kzfree(txq->entries[idx].free_buf);
1768
+
kfree_sensitive(txq->entries[idx].free_buf);
1769
1769
txq->entries[idx].free_buf = dup_buf;
1770
1770
1771
1771
trace_iwlwifi_dev_hcmd(trans->dev, cmd, cmd_size, &out_cmd->hdr_wide);
+2
-2
drivers/net/wireless/intersil/orinoco/wext.c
+2
-2
drivers/net/wireless/intersil/orinoco/wext.c
···
31
31
enum orinoco_alg alg, const u8 *key, int key_len,
32
32
const u8 *seq, int seq_len)
33
33
{
34
-
kzfree(priv->keys[index].key);
35
-
kzfree(priv->keys[index].seq);
34
+
kfree_sensitive(priv->keys[index].key);
35
+
kfree_sensitive(priv->keys[index].seq);
36
36
37
37
if (key_len) {
38
38
priv->keys[index].key = kzalloc(key_len, GFP_ATOMIC);
+2
-2
drivers/s390/crypto/ap_bus.h
+2
-2
drivers/s390/crypto/ap_bus.h
+1
-1
drivers/staging/ks7010/ks_hostif.c
+1
-1
drivers/staging/ks7010/ks_hostif.c
+1
-1
drivers/staging/rtl8723bs/core/rtw_security.c
+1
-1
drivers/staging/rtl8723bs/core/rtw_security.c
+1
-1
drivers/staging/wlan-ng/p80211netdev.c
+1
-1
drivers/staging/wlan-ng/p80211netdev.c
···
429
429
failed:
430
430
/* Free up the WEP buffer if it's not the same as the skb */
431
431
if ((p80211_wep.data) && (p80211_wep.data != skb->data))
432
-
kzfree(p80211_wep.data);
432
+
kfree_sensitive(p80211_wep.data);
433
433
434
434
/* we always free the skb here, never in a lower level. */
435
435
if (!result)
+1
-1
drivers/target/iscsi/iscsi_target_auth.c
+1
-1
drivers/target/iscsi/iscsi_target_auth.c
+1
-1
fs/cifs/cifsencrypt.c
+1
-1
fs/cifs/cifsencrypt.c
+5
-5
fs/cifs/connect.c
+5
-5
fs/cifs/connect.c
···
2182
2182
tmp_end++;
2183
2183
if (!(tmp_end < end && tmp_end[1] == delim)) {
2184
2184
/* No it is not. Set the password to NULL */
2185
-
kzfree(vol->password);
2185
+
kfree_sensitive(vol->password);
2186
2186
vol->password = NULL;
2187
2187
break;
2188
2188
}
···
2220
2220
options = end;
2221
2221
}
2222
2222
2223
-
kzfree(vol->password);
2223
+
kfree_sensitive(vol->password);
2224
2224
/* Now build new password string */
2225
2225
temp_len = strlen(value);
2226
2226
vol->password = kzalloc(temp_len+1, GFP_KERNEL);
···
3198
3198
rc = -ENOMEM;
3199
3199
kfree(vol->username);
3200
3200
vol->username = NULL;
3201
-
kzfree(vol->password);
3201
+
kfree_sensitive(vol->password);
3202
3202
vol->password = NULL;
3203
3203
goto out_key_put;
3204
3204
}
···
4219
4219
cifs_cleanup_volume_info_contents(struct smb_vol *volume_info)
4220
4220
{
4221
4221
kfree(volume_info->username);
4222
-
kzfree(volume_info->password);
4222
+
kfree_sensitive(volume_info->password);
4223
4223
kfree(volume_info->UNC);
4224
4224
kfree(volume_info->domainname);
4225
4225
kfree(volume_info->iocharset);
···
5345
5345
5346
5346
out:
5347
5347
kfree(vol_info->username);
5348
-
kzfree(vol_info->password);
5348
+
kfree_sensitive(vol_info->password);
5349
5349
kfree(vol_info);
5350
5350
5351
5351
return tcon;
+1
-1
fs/cifs/dfs_cache.c
+1
-1
fs/cifs/dfs_cache.c
+4
-4
fs/cifs/misc.c
+4
-4
fs/cifs/misc.c
···
103
103
kfree(buf_to_free->serverOS);
104
104
kfree(buf_to_free->serverDomain);
105
105
kfree(buf_to_free->serverNOS);
106
-
kzfree(buf_to_free->password);
106
+
kfree_sensitive(buf_to_free->password);
107
107
kfree(buf_to_free->user_name);
108
108
kfree(buf_to_free->domainName);
109
-
kzfree(buf_to_free->auth_key.response);
109
+
kfree_sensitive(buf_to_free->auth_key.response);
110
110
kfree(buf_to_free->iface_list);
111
-
kzfree(buf_to_free);
111
+
kfree_sensitive(buf_to_free);
112
112
}
113
113
114
114
struct cifs_tcon *
···
148
148
}
149
149
atomic_dec(&tconInfoAllocCount);
150
150
kfree(buf_to_free->nativeFileSystem);
151
-
kzfree(buf_to_free->password);
151
+
kfree_sensitive(buf_to_free->password);
152
152
kfree(buf_to_free->crfid.fid);
153
153
#ifdef CONFIG_CIFS_DFS_UPCALL
154
154
kfree(buf_to_free->dfs_path);
+3
-2
fs/crypto/inline_crypt.c
+3
-2
fs/crypto/inline_crypt.c
···
16
16
#include <linux/blkdev.h>
17
17
#include <linux/buffer_head.h>
18
18
#include <linux/sched/mm.h>
19
+
#include <linux/slab.h>
19
20
20
21
#include "fscrypt_private.h"
21
22
···
188
187
fail:
189
188
for (i = 0; i < queue_refs; i++)
190
189
blk_put_queue(blk_key->devs[i]);
191
-
kzfree(blk_key);
190
+
kfree_sensitive(blk_key);
192
191
return err;
193
192
}
194
193
···
202
201
blk_crypto_evict_key(blk_key->devs[i], &blk_key->base);
203
202
blk_put_queue(blk_key->devs[i]);
204
203
}
205
-
kzfree(blk_key);
204
+
kfree_sensitive(blk_key);
206
205
}
207
206
}
208
207
+3
-3
fs/crypto/keyring.c
+3
-3
fs/crypto/keyring.c
···
51
51
}
52
52
53
53
key_put(mk->mk_users);
54
-
kzfree(mk);
54
+
kfree_sensitive(mk);
55
55
}
56
56
57
57
static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
···
531
531
static void fscrypt_provisioning_key_free_preparse(
532
532
struct key_preparsed_payload *prep)
533
533
{
534
-
kzfree(prep->payload.data[0]);
534
+
kfree_sensitive(prep->payload.data[0]);
535
535
}
536
536
537
537
static void fscrypt_provisioning_key_describe(const struct key *key,
···
548
548
549
549
static void fscrypt_provisioning_key_destroy(struct key *key)
550
550
{
551
-
kzfree(key->payload.data[0]);
551
+
kfree_sensitive(key->payload.data[0]);
552
552
}
553
553
554
554
static struct key_type key_type_fscrypt_provisioning = {
+2
-2
fs/crypto/keysetup_v1.c
+2
-2
fs/crypto/keysetup_v1.c
···
155
155
{
156
156
if (dk) {
157
157
fscrypt_destroy_prepared_key(&dk->dk_key);
158
-
kzfree(dk);
158
+
kfree_sensitive(dk);
159
159
}
160
160
}
161
161
···
283
283
284
284
err = fscrypt_set_per_file_enc_key(ci, derived_key);
285
285
out:
286
-
kzfree(derived_key);
286
+
kfree_sensitive(derived_key);
287
287
return err;
288
288
}
289
289
+2
-2
fs/ecryptfs/keystore.c
+2
-2
fs/ecryptfs/keystore.c
···
838
838
out_release_free_unlock:
839
839
crypto_free_shash(s->hash_tfm);
840
840
out_free_unlock:
841
-
kzfree(s->block_aligned_filename);
841
+
kfree_sensitive(s->block_aligned_filename);
842
842
out_unlock:
843
843
mutex_unlock(s->tfm_mutex);
844
844
out:
···
847
847
key_put(auth_tok_key);
848
848
}
849
849
skcipher_request_free(s->skcipher_req);
850
-
kzfree(s->hash_desc);
850
+
kfree_sensitive(s->hash_desc);
851
851
kfree(s);
852
852
return rc;
853
853
}
+1
-1
fs/ecryptfs/messaging.c
+1
-1
fs/ecryptfs/messaging.c
+1
-1
include/crypto/aead.h
+1
-1
include/crypto/aead.h
+1
-1
include/crypto/akcipher.h
+1
-1
include/crypto/akcipher.h
+1
-1
include/crypto/gf128mul.h
+1
-1
include/crypto/gf128mul.h
+1
-1
include/crypto/hash.h
+1
-1
include/crypto/hash.h
+1
-1
include/crypto/internal/acompress.h
+1
-1
include/crypto/internal/acompress.h
+1
-1
include/crypto/kpp.h
+1
-1
include/crypto/kpp.h
+1
-1
include/crypto/skcipher.h
+1
-1
include/crypto/skcipher.h
+3
-1
include/linux/slab.h
+3
-1
include/linux/slab.h
···
186
186
*/
187
187
void * __must_check krealloc(const void *, size_t, gfp_t);
188
188
void kfree(const void *);
189
-
void kzfree(const void *);
189
+
void kfree_sensitive(const void *);
190
190
size_t __ksize(const void *);
191
191
size_t ksize(const void *);
192
+
193
+
#define kzfree(x) kfree_sensitive(x) /* For backward compatibility */
192
194
193
195
#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR
194
196
void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
+3
-3
lib/mpi/mpiutil.c
+3
-3
lib/mpi/mpiutil.c
···
69
69
if (!a)
70
70
return;
71
71
72
-
kzfree(a);
72
+
kfree_sensitive(a);
73
73
}
74
74
75
75
void mpi_assign_limb_space(MPI a, mpi_ptr_t ap, unsigned nlimbs)
···
95
95
if (!p)
96
96
return -ENOMEM;
97
97
memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t));
98
-
kzfree(a->d);
98
+
kfree_sensitive(a->d);
99
99
a->d = p;
100
100
} else {
101
101
a->d = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
···
112
112
return;
113
113
114
114
if (a->flags & 4)
115
-
kzfree(a->d);
115
+
kfree_sensitive(a->d);
116
116
else
117
117
mpi_free_limb_space(a->d);
118
118
+3
-3
lib/test_kasan.c
+3
-3
lib/test_kasan.c
···
766
766
char *ptr;
767
767
size_t size = 16;
768
768
769
-
pr_info("double-free (kzfree)\n");
769
+
pr_info("double-free (kfree_sensitive)\n");
770
770
ptr = kmalloc(size, GFP_KERNEL);
771
771
if (!ptr) {
772
772
pr_err("Allocation failed\n");
773
773
return;
774
774
}
775
775
776
-
kzfree(ptr);
777
-
kzfree(ptr);
776
+
kfree_sensitive(ptr);
777
+
kfree_sensitive(ptr);
778
778
}
779
779
780
780
#ifdef CONFIG_KASAN_VMALLOC
+4
-4
mm/slab_common.c
+4
-4
mm/slab_common.c
···
1729
1729
EXPORT_SYMBOL(krealloc);
1730
1730
1731
1731
/**
1732
-
* kzfree - like kfree but zero memory
1732
+
* kfree_sensitive - Clear sensitive information in memory before freeing
1733
1733
* @p: object to free memory of
1734
1734
*
1735
1735
* The memory of the object @p points to is zeroed before freed.
1736
-
* If @p is %NULL, kzfree() does nothing.
1736
+
* If @p is %NULL, kfree_sensitive() does nothing.
1737
1737
*
1738
1738
* Note: this function zeroes the whole allocated buffer which can be a good
1739
1739
* deal bigger than the requested buffer size passed to kmalloc(). So be
1740
1740
* careful when using this function in performance sensitive code.
1741
1741
*/
1742
-
void kzfree(const void *p)
1742
+
void kfree_sensitive(const void *p)
1743
1743
{
1744
1744
size_t ks;
1745
1745
void *mem = (void *)p;
···
1750
1750
memzero_explicit(mem, ks);
1751
1751
kfree(mem);
1752
1752
}
1753
-
EXPORT_SYMBOL(kzfree);
1753
+
EXPORT_SYMBOL(kfree_sensitive);
1754
1754
1755
1755
/**
1756
1756
* ksize - get the actual amount of memory allocated for a given object
+2
-2
net/atm/mpoa_caches.c
+2
-2
net/atm/mpoa_caches.c
···
180
180
static void in_cache_put(in_cache_entry *entry)
181
181
{
182
182
if (refcount_dec_and_test(&entry->use)) {
183
-
kzfree(entry);
183
+
kfree_sensitive(entry);
184
184
}
185
185
}
186
186
···
415
415
static void eg_cache_put(eg_cache_entry *entry)
416
416
{
417
417
if (refcount_dec_and_test(&entry->use)) {
418
-
kzfree(entry);
418
+
kfree_sensitive(entry);
419
419
}
420
420
}
421
421
+3
-3
net/bluetooth/ecdh_helper.c
+3
-3
net/bluetooth/ecdh_helper.c
···
104
104
free_all:
105
105
kpp_request_free(req);
106
106
free_tmp:
107
-
kzfree(tmp);
107
+
kfree_sensitive(tmp);
108
108
return err;
109
109
}
110
110
···
151
151
err = crypto_kpp_set_secret(tfm, buf, buf_len);
152
152
/* fall through */
153
153
free_all:
154
-
kzfree(buf);
154
+
kfree_sensitive(buf);
155
155
free_tmp:
156
-
kzfree(tmp);
156
+
kfree_sensitive(tmp);
157
157
return err;
158
158
}
159
159
+12
-12
net/bluetooth/smp.c
+12
-12
net/bluetooth/smp.c
···
753
753
complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
754
754
mgmt_smp_complete(hcon, complete);
755
755
756
-
kzfree(smp->csrk);
757
-
kzfree(smp->slave_csrk);
758
-
kzfree(smp->link_key);
756
+
kfree_sensitive(smp->csrk);
757
+
kfree_sensitive(smp->slave_csrk);
758
+
kfree_sensitive(smp->link_key);
759
759
760
760
crypto_free_shash(smp->tfm_cmac);
761
761
crypto_free_kpp(smp->tfm_ecdh);
···
789
789
}
790
790
791
791
chan->data = NULL;
792
-
kzfree(smp);
792
+
kfree_sensitive(smp);
793
793
hci_conn_drop(hcon);
794
794
}
795
795
···
1156
1156
const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
1157
1157
1158
1158
if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
1159
-
kzfree(smp->link_key);
1159
+
kfree_sensitive(smp->link_key);
1160
1160
smp->link_key = NULL;
1161
1161
return;
1162
1162
}
···
1165
1165
const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
1166
1166
1167
1167
if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
1168
-
kzfree(smp->link_key);
1168
+
kfree_sensitive(smp->link_key);
1169
1169
smp->link_key = NULL;
1170
1170
return;
1171
1171
}
1172
1172
}
1173
1173
1174
1174
if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
1175
-
kzfree(smp->link_key);
1175
+
kfree_sensitive(smp->link_key);
1176
1176
smp->link_key = NULL;
1177
1177
return;
1178
1178
}
···
1407
1407
free_shash:
1408
1408
crypto_free_shash(smp->tfm_cmac);
1409
1409
zfree_smp:
1410
-
kzfree(smp);
1410
+
kfree_sensitive(smp);
1411
1411
return NULL;
1412
1412
}
1413
1413
···
3278
3278
tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
3279
3279
if (IS_ERR(tfm_cmac)) {
3280
3280
BT_ERR("Unable to create CMAC crypto context");
3281
-
kzfree(smp);
3281
+
kfree_sensitive(smp);
3282
3282
return ERR_CAST(tfm_cmac);
3283
3283
}
3284
3284
···
3286
3286
if (IS_ERR(tfm_ecdh)) {
3287
3287
BT_ERR("Unable to create ECDH crypto context");
3288
3288
crypto_free_shash(tfm_cmac);
3289
-
kzfree(smp);
3289
+
kfree_sensitive(smp);
3290
3290
return ERR_CAST(tfm_ecdh);
3291
3291
}
3292
3292
···
3300
3300
if (smp) {
3301
3301
crypto_free_shash(smp->tfm_cmac);
3302
3302
crypto_free_kpp(smp->tfm_ecdh);
3303
-
kzfree(smp);
3303
+
kfree_sensitive(smp);
3304
3304
}
3305
3305
return ERR_PTR(-ENOMEM);
3306
3306
}
···
3347
3347
chan->data = NULL;
3348
3348
crypto_free_shash(smp->tfm_cmac);
3349
3349
crypto_free_kpp(smp->tfm_ecdh);
3350
-
kzfree(smp);
3350
+
kfree_sensitive(smp);
3351
3351
}
3352
3352
3353
3353
l2cap_chan_put(chan);
+1
-1
net/core/sock.c
+1
-1
net/core/sock.c
+1
-1
net/ipv4/tcp_fastopen.c
+1
-1
net/ipv4/tcp_fastopen.c
+2
-2
net/mac80211/aead_api.c
+2
-2
net/mac80211/aead_api.c
···
41
41
aead_request_set_ad(aead_req, sg[0].length);
42
42
43
43
crypto_aead_encrypt(aead_req);
44
-
kzfree(aead_req);
44
+
kfree_sensitive(aead_req);
45
45
46
46
return 0;
47
47
}
···
76
76
aead_request_set_ad(aead_req, sg[0].length);
77
77
78
78
err = crypto_aead_decrypt(aead_req);
79
-
kzfree(aead_req);
79
+
kfree_sensitive(aead_req);
80
80
81
81
return err;
82
82
}
+1
-1
net/mac80211/aes_gmac.c
+1
-1
net/mac80211/aes_gmac.c
+1
-1
net/mac80211/key.c
+1
-1
net/mac80211/key.c
+10
-10
net/mac802154/llsec.c
+10
-10
net/mac802154/llsec.c
···
49
49
50
50
msl = container_of(sl, struct mac802154_llsec_seclevel, level);
51
51
list_del(&sl->list);
52
-
kzfree(msl);
52
+
kfree_sensitive(msl);
53
53
}
54
54
55
55
list_for_each_entry_safe(dev, dn, &sec->table.devices, list) {
···
66
66
mkey = container_of(key->key, struct mac802154_llsec_key, key);
67
67
list_del(&key->list);
68
68
llsec_key_put(mkey);
69
-
kzfree(key);
69
+
kfree_sensitive(key);
70
70
}
71
71
}
72
72
···
155
155
if (key->tfm[i])
156
156
crypto_free_aead(key->tfm[i]);
157
157
158
-
kzfree(key);
158
+
kfree_sensitive(key);
159
159
return NULL;
160
160
}
161
161
···
170
170
crypto_free_aead(key->tfm[i]);
171
171
172
172
crypto_free_sync_skcipher(key->tfm0);
173
-
kzfree(key);
173
+
kfree_sensitive(key);
174
174
}
175
175
176
176
static struct mac802154_llsec_key*
···
261
261
return 0;
262
262
263
263
fail:
264
-
kzfree(new);
264
+
kfree_sensitive(new);
265
265
return -ENOMEM;
266
266
}
267
267
···
341
341
devkey);
342
342
343
343
list_del(&pos->list);
344
-
kzfree(devkey);
344
+
kfree_sensitive(devkey);
345
345
}
346
346
347
-
kzfree(dev);
347
+
kfree_sensitive(dev);
348
348
}
349
349
350
350
int mac802154_llsec_dev_add(struct mac802154_llsec *sec,
···
682
682
683
683
rc = crypto_aead_encrypt(req);
684
684
685
-
kzfree(req);
685
+
kfree_sensitive(req);
686
686
687
687
return rc;
688
688
}
···
886
886
887
887
rc = crypto_aead_decrypt(req);
888
888
889
-
kzfree(req);
889
+
kfree_sensitive(req);
890
890
skb_trim(skb, skb->len - authlen);
891
891
892
892
return rc;
···
926
926
if (!devkey)
927
927
list_add_rcu(&next->devkey.list, &dev->dev.keys);
928
928
else
929
-
kzfree(next);
929
+
kfree_sensitive(next);
930
930
931
931
spin_unlock_bh(&dev->lock);
932
932
}
+1
-1
net/sctp/auth.c
+1
-1
net/sctp/auth.c
+2
-2
net/sunrpc/auth_gss/gss_krb5_crypto.c
+2
-2
net/sunrpc/auth_gss/gss_krb5_crypto.c
···
1003
1003
err = 0;
1004
1004
1005
1005
out_err:
1006
-
kzfree(desc);
1006
+
kfree_sensitive(desc);
1007
1007
crypto_free_shash(hmac);
1008
1008
dprintk("%s: returning %d\n", __func__, err);
1009
1009
return err;
···
1079
1079
err = 0;
1080
1080
1081
1081
out_err:
1082
-
kzfree(desc);
1082
+
kfree_sensitive(desc);
1083
1083
crypto_free_shash(hmac);
1084
1084
dprintk("%s: returning %d\n", __func__, err);
1085
1085
return err;
+3
-3
net/sunrpc/auth_gss/gss_krb5_keys.c
+3
-3
net/sunrpc/auth_gss/gss_krb5_keys.c
···
228
228
ret = 0;
229
229
230
230
err_free_raw:
231
-
kzfree(rawkey);
231
+
kfree_sensitive(rawkey);
232
232
err_free_out:
233
-
kzfree(outblockdata);
233
+
kfree_sensitive(outblockdata);
234
234
err_free_in:
235
-
kzfree(inblockdata);
235
+
kfree_sensitive(inblockdata);
236
236
err_free_cipher:
237
237
crypto_free_sync_skcipher(cipher);
238
238
err_return:
+1
-1
net/sunrpc/auth_gss/gss_krb5_mech.c
+1
-1
net/sunrpc/auth_gss/gss_krb5_mech.c
+5
-5
net/tipc/crypto.c
+5
-5
net/tipc/crypto.c
···
441
441
/* Allocate per-cpu TFM entry pointer */
442
442
tmp->tfm_entry = alloc_percpu(struct tipc_tfm *);
443
443
if (!tmp->tfm_entry) {
444
-
kzfree(tmp);
444
+
kfree_sensitive(tmp);
445
445
return -ENOMEM;
446
446
}
447
447
···
491
491
/* Not any TFM is allocated? */
492
492
if (!tfm_cnt) {
493
493
free_percpu(tmp->tfm_entry);
494
-
kzfree(tmp);
494
+
kfree_sensitive(tmp);
495
495
return err;
496
496
}
497
497
···
545
545
546
546
aead->tfm_entry = alloc_percpu_gfp(struct tipc_tfm *, GFP_ATOMIC);
547
547
if (unlikely(!aead->tfm_entry)) {
548
-
kzfree(aead);
548
+
kfree_sensitive(aead);
549
549
return -ENOMEM;
550
550
}
551
551
···
1352
1352
/* Allocate statistic structure */
1353
1353
c->stats = alloc_percpu_gfp(struct tipc_crypto_stats, GFP_ATOMIC);
1354
1354
if (!c->stats) {
1355
-
kzfree(c);
1355
+
kfree_sensitive(c);
1356
1356
return -ENOMEM;
1357
1357
}
1358
1358
···
1408
1408
free_percpu(c->stats);
1409
1409
1410
1410
*crypto = NULL;
1411
-
kzfree(c);
1411
+
kfree_sensitive(c);
1412
1412
}
1413
1413
1414
1414
void tipc_crypto_timeout(struct tipc_crypto *rx)
+1
-1
net/wireless/core.c
+1
-1
net/wireless/core.c
+2
-2
net/wireless/ibss.c
+2
-2
net/wireless/ibss.c
···
127
127
return -EINVAL;
128
128
129
129
if (WARN_ON(wdev->connect_keys))
130
-
kzfree(wdev->connect_keys);
130
+
kfree_sensitive(wdev->connect_keys);
131
131
wdev->connect_keys = connkeys;
132
132
133
133
wdev->ibss_fixed = params->channel_fixed;
···
161
161
162
162
ASSERT_WDEV_LOCK(wdev);
163
163
164
-
kzfree(wdev->connect_keys);
164
+
kfree_sensitive(wdev->connect_keys);
165
165
wdev->connect_keys = NULL;
166
166
167
167
rdev_set_qos_map(rdev, dev, NULL);
+1
-1
net/wireless/lib80211_crypt_tkip.c
+1
-1
net/wireless/lib80211_crypt_tkip.c
+1
-1
net/wireless/lib80211_crypt_wep.c
+1
-1
net/wireless/lib80211_crypt_wep.c
+12
-12
net/wireless/nl80211.c
+12
-12
net/wireless/nl80211.c
···
9836
9836
9837
9837
if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9838
9838
no_ht) {
9839
-
kzfree(connkeys);
9839
+
kfree_sensitive(connkeys);
9840
9840
return -EINVAL;
9841
9841
}
9842
9842
}
···
9848
9848
int r = validate_pae_over_nl80211(rdev, info);
9849
9849
9850
9850
if (r < 0) {
9851
-
kzfree(connkeys);
9851
+
kfree_sensitive(connkeys);
9852
9852
return r;
9853
9853
}
9854
9854
···
9861
9861
wdev_lock(dev->ieee80211_ptr);
9862
9862
err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9863
9863
if (err)
9864
-
kzfree(connkeys);
9864
+
kfree_sensitive(connkeys);
9865
9865
else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9866
9866
dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9867
9867
wdev_unlock(dev->ieee80211_ptr);
···
10289
10289
10290
10290
if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10291
10291
if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10292
-
kzfree(connkeys);
10292
+
kfree_sensitive(connkeys);
10293
10293
return -EINVAL;
10294
10294
}
10295
10295
memcpy(&connect.ht_capa,
···
10307
10307
10308
10308
if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10309
10309
if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10310
-
kzfree(connkeys);
10310
+
kfree_sensitive(connkeys);
10311
10311
return -EINVAL;
10312
10312
}
10313
10313
memcpy(&connect.vht_capa,
···
10321
10321
(rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10322
10322
!wiphy_ext_feature_isset(&rdev->wiphy,
10323
10323
NL80211_EXT_FEATURE_RRM)) {
10324
-
kzfree(connkeys);
10324
+
kfree_sensitive(connkeys);
10325
10325
return -EINVAL;
10326
10326
}
10327
10327
connect.flags |= ASSOC_REQ_USE_RRM;
···
10329
10329
10330
10330
connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10331
10331
if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10332
-
kzfree(connkeys);
10332
+
kfree_sensitive(connkeys);
10333
10333
return -EOPNOTSUPP;
10334
10334
}
10335
10335
10336
10336
if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10337
10337
/* bss selection makes no sense if bssid is set */
10338
10338
if (connect.bssid) {
10339
-
kzfree(connkeys);
10339
+
kfree_sensitive(connkeys);
10340
10340
return -EINVAL;
10341
10341
}
10342
10342
10343
10343
err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10344
10344
wiphy, &connect.bss_select);
10345
10345
if (err) {
10346
-
kzfree(connkeys);
10346
+
kfree_sensitive(connkeys);
10347
10347
return err;
10348
10348
}
10349
10349
}
···
10373
10373
info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10374
10374
info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10375
10375
info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10376
-
kzfree(connkeys);
10376
+
kfree_sensitive(connkeys);
10377
10377
return -EINVAL;
10378
10378
}
10379
10379
10380
10380
if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10381
10381
if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10382
-
kzfree(connkeys);
10382
+
kfree_sensitive(connkeys);
10383
10383
GENL_SET_ERR_MSG(info,
10384
10384
"external auth requires connection ownership");
10385
10385
return -EINVAL;
···
10392
10392
err = cfg80211_connect(rdev, dev, &connect, connkeys,
10393
10393
connect.prev_bssid);
10394
10394
if (err)
10395
-
kzfree(connkeys);
10395
+
kfree_sensitive(connkeys);
10396
10396
10397
10397
if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10398
10398
dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
+3
-3
net/wireless/sme.c
+3
-3
net/wireless/sme.c
···
742
742
}
743
743
744
744
if (cr->status != WLAN_STATUS_SUCCESS) {
745
-
kzfree(wdev->connect_keys);
745
+
kfree_sensitive(wdev->connect_keys);
746
746
wdev->connect_keys = NULL;
747
747
wdev->ssid_len = 0;
748
748
wdev->conn_owner_nlportid = 0;
···
1098
1098
wdev->current_bss = NULL;
1099
1099
wdev->ssid_len = 0;
1100
1100
wdev->conn_owner_nlportid = 0;
1101
-
kzfree(wdev->connect_keys);
1101
+
kfree_sensitive(wdev->connect_keys);
1102
1102
wdev->connect_keys = NULL;
1103
1103
1104
1104
nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
···
1281
1281
1282
1282
ASSERT_WDEV_LOCK(wdev);
1283
1283
1284
-
kzfree(wdev->connect_keys);
1284
+
kfree_sensitive(wdev->connect_keys);
1285
1285
wdev->connect_keys = NULL;
1286
1286
1287
1287
wdev->conn_owner_nlportid = 0;
+1
-1
net/wireless/util.c
+1
-1
net/wireless/util.c
+1
-1
net/wireless/wext-sme.c
+1
-1
net/wireless/wext-sme.c
+2
-2
scripts/coccinelle/free/devm_free.cocci
+2
-2
scripts/coccinelle/free/devm_free.cocci
+2
-2
scripts/coccinelle/free/ifnullfree.cocci
+2
-2
scripts/coccinelle/free/ifnullfree.cocci
···
21
21
(
22
22
kfree(E);
23
23
|
24
-
kzfree(E);
24
+
kfree_sensitive(E);
25
25
|
26
26
debugfs_remove(E);
27
27
|
···
42
42
@@
43
43
44
44
* if (E != NULL)
45
-
* \(kfree@p\|kzfree@p\|debugfs_remove@p\|debugfs_remove_recursive@p\|
45
+
* \(kfree@p\|kfree_sensitive@p\|debugfs_remove@p\|debugfs_remove_recursive@p\|
46
46
* usb_free_urb@p\|kmem_cache_destroy@p\|mempool_destroy@p\|
47
47
* dma_pool_destroy@p\)(E);
48
48
+3
-3
scripts/coccinelle/free/kfree.cocci
+3
-3
scripts/coccinelle/free/kfree.cocci
···
24
24
(
25
25
* kfree@p1(E)
26
26
|
27
-
* kzfree@p1(E)
27
+
* kfree_sensitive@p1(E)
28
28
)
29
29
30
30
@print expression@
···
68
68
(
69
69
* kfree@ok(E)
70
70
|
71
-
* kzfree@ok(E)
71
+
* kfree_sensitive@ok(E)
72
72
)
73
73
... when != break;
74
74
when != goto l;
···
86
86
(
87
87
* kfree@p1(E,...)
88
88
|
89
-
* kzfree@p1(E,...)
89
+
* kfree_sensitive@p1(E,...)
90
90
)
91
91
...
92
92
(
+1
-1
scripts/coccinelle/free/kfreeaddr.cocci
+1
-1
scripts/coccinelle/free/kfreeaddr.cocci
+2
-2
security/apparmor/domain.c
+2
-2
security/apparmor/domain.c
+1
-1
security/apparmor/include/file.h
+1
-1
security/apparmor/include/file.h
+12
-12
security/apparmor/policy.c
+12
-12
security/apparmor/policy.c
···
187
187
{
188
188
struct aa_data *data = ptr;
189
189
190
-
kzfree(data->data);
191
-
kzfree(data->key);
192
-
kzfree(data);
190
+
kfree_sensitive(data->data);
191
+
kfree_sensitive(data->key);
192
+
kfree_sensitive(data);
193
193
}
194
194
195
195
/**
···
217
217
aa_put_profile(rcu_access_pointer(profile->parent));
218
218
219
219
aa_put_ns(profile->ns);
220
-
kzfree(profile->rename);
220
+
kfree_sensitive(profile->rename);
221
221
222
222
aa_free_file_rules(&profile->file);
223
223
aa_free_cap_rules(&profile->caps);
224
224
aa_free_rlimit_rules(&profile->rlimits);
225
225
226
226
for (i = 0; i < profile->xattr_count; i++)
227
-
kzfree(profile->xattrs[i]);
228
-
kzfree(profile->xattrs);
227
+
kfree_sensitive(profile->xattrs[i]);
228
+
kfree_sensitive(profile->xattrs);
229
229
for (i = 0; i < profile->secmark_count; i++)
230
-
kzfree(profile->secmark[i].label);
231
-
kzfree(profile->secmark);
232
-
kzfree(profile->dirname);
230
+
kfree_sensitive(profile->secmark[i].label);
231
+
kfree_sensitive(profile->secmark);
232
+
kfree_sensitive(profile->dirname);
233
233
aa_put_dfa(profile->xmatch);
234
234
aa_put_dfa(profile->policy.dfa);
235
235
···
237
237
rht = profile->data;
238
238
profile->data = NULL;
239
239
rhashtable_free_and_destroy(rht, aa_free_data, NULL);
240
-
kzfree(rht);
240
+
kfree_sensitive(rht);
241
241
}
242
242
243
-
kzfree(profile->hash);
243
+
kfree_sensitive(profile->hash);
244
244
aa_put_loaddata(profile->rawdata);
245
245
aa_label_destroy(&profile->label);
246
246
247
-
kzfree(profile);
247
+
kfree_sensitive(profile);
248
248
}
249
249
250
250
/**
+3
-3
security/apparmor/policy_ns.c
+3
-3
security/apparmor/policy_ns.c
···
121
121
return ns;
122
122
123
123
fail_unconfined:
124
-
kzfree(ns->base.hname);
124
+
kfree_sensitive(ns->base.hname);
125
125
fail_ns:
126
-
kzfree(ns);
126
+
kfree_sensitive(ns);
127
127
return NULL;
128
128
}
129
129
···
145
145
146
146
ns->unconfined->ns = NULL;
147
147
aa_free_profile(ns->unconfined);
148
-
kzfree(ns);
148
+
kfree_sensitive(ns);
149
149
}
150
150
151
151
/**
+7
-7
security/apparmor/policy_unpack.c
+7
-7
security/apparmor/policy_unpack.c
···
163
163
aa_put_ns(ns);
164
164
}
165
165
166
-
kzfree(d->hash);
167
-
kzfree(d->name);
166
+
kfree_sensitive(d->hash);
167
+
kfree_sensitive(d->name);
168
168
kvfree(d->data);
169
-
kzfree(d);
169
+
kfree_sensitive(d);
170
170
}
171
171
172
172
void aa_loaddata_kref(struct kref *kref)
···
894
894
while (unpack_strdup(e, &key, NULL)) {
895
895
data = kzalloc(sizeof(*data), GFP_KERNEL);
896
896
if (!data) {
897
-
kzfree(key);
897
+
kfree_sensitive(key);
898
898
goto fail;
899
899
}
900
900
···
902
902
data->size = unpack_blob(e, &data->data, NULL);
903
903
data->data = kvmemdup(data->data, data->size);
904
904
if (data->size && !data->data) {
905
-
kzfree(data->key);
906
-
kzfree(data);
905
+
kfree_sensitive(data->key);
906
+
kfree_sensitive(data);
907
907
goto fail;
908
908
}
909
909
···
1037
1037
aa_put_profile(ent->old);
1038
1038
aa_put_profile(ent->new);
1039
1039
kfree(ent->ns_name);
1040
-
kzfree(ent);
1040
+
kfree_sensitive(ent);
1041
1041
}
1042
1042
}
1043
1043
+3
-3
security/keys/big_key.c
+3
-3
security/keys/big_key.c
···
138
138
err_fput:
139
139
fput(file);
140
140
err_enckey:
141
-
kzfree(enckey);
141
+
kfree_sensitive(enckey);
142
142
error:
143
143
memzero_explicit(buf, enclen);
144
144
kvfree(buf);
···
155
155
156
156
path_put(path);
157
157
}
158
-
kzfree(prep->payload.data[big_key_data]);
158
+
kfree_sensitive(prep->payload.data[big_key_data]);
159
159
}
160
160
161
161
/*
···
187
187
path->mnt = NULL;
188
188
path->dentry = NULL;
189
189
}
190
-
kzfree(key->payload.data[big_key_data]);
190
+
kfree_sensitive(key->payload.data[big_key_data]);
191
191
key->payload.data[big_key_data] = NULL;
192
192
}
193
193
+7
-7
security/keys/dh.c
+7
-7
security/keys/dh.c
···
58
58
59
59
static void dh_free_data(struct dh *dh)
60
60
{
61
-
kzfree(dh->key);
62
-
kzfree(dh->p);
63
-
kzfree(dh->g);
61
+
kfree_sensitive(dh->key);
62
+
kfree_sensitive(dh->p);
63
+
kfree_sensitive(dh->g);
64
64
}
65
65
66
66
struct dh_completion {
···
126
126
if (sdesc->shash.tfm)
127
127
crypto_free_shash(sdesc->shash.tfm);
128
128
129
-
kzfree(sdesc);
129
+
kfree_sensitive(sdesc);
130
130
}
131
131
132
132
/*
···
220
220
ret = -EFAULT;
221
221
222
222
err:
223
-
kzfree(outbuf);
223
+
kfree_sensitive(outbuf);
224
224
return ret;
225
225
}
226
226
···
395
395
out6:
396
396
kpp_request_free(req);
397
397
out5:
398
-
kzfree(outbuf);
398
+
kfree_sensitive(outbuf);
399
399
out4:
400
400
crypto_free_kpp(tfm);
401
401
out3:
402
-
kzfree(secret);
402
+
kfree_sensitive(secret);
403
403
out2:
404
404
dh_free_data(&dh_inputs);
405
405
out1:
+7
-7
security/keys/encrypted-keys/encrypted.c
+7
-7
security/keys/encrypted-keys/encrypted.c
···
370
370
master_keylen);
371
371
ret = crypto_shash_tfm_digest(hash_tfm, derived_buf, derived_buf_len,
372
372
derived_key);
373
-
kzfree(derived_buf);
373
+
kfree_sensitive(derived_buf);
374
374
return ret;
375
375
}
376
376
···
812
812
ret = encrypted_init(epayload, key->description, format, master_desc,
813
813
decrypted_datalen, hex_encoded_iv);
814
814
if (ret < 0) {
815
-
kzfree(epayload);
815
+
kfree_sensitive(epayload);
816
816
goto out;
817
817
}
818
818
819
819
rcu_assign_keypointer(key, epayload);
820
820
out:
821
-
kzfree(datablob);
821
+
kfree_sensitive(datablob);
822
822
return ret;
823
823
}
824
824
···
827
827
struct encrypted_key_payload *epayload;
828
828
829
829
epayload = container_of(rcu, struct encrypted_key_payload, rcu);
830
-
kzfree(epayload);
830
+
kfree_sensitive(epayload);
831
831
}
832
832
833
833
/*
···
885
885
rcu_assign_keypointer(key, new_epayload);
886
886
call_rcu(&epayload->rcu, encrypted_rcu_free);
887
887
out:
888
-
kzfree(buf);
888
+
kfree_sensitive(buf);
889
889
return ret;
890
890
}
891
891
···
946
946
memzero_explicit(derived_key, sizeof(derived_key));
947
947
948
948
memcpy(buffer, ascii_buf, asciiblob_len);
949
-
kzfree(ascii_buf);
949
+
kfree_sensitive(ascii_buf);
950
950
951
951
return asciiblob_len;
952
952
out:
···
961
961
*/
962
962
static void encrypted_destroy(struct key *key)
963
963
{
964
-
kzfree(key->payload.data[0]);
964
+
kfree_sensitive(key->payload.data[0]);
965
965
}
966
966
967
967
struct key_type key_type_encrypted = {
+17
-17
security/keys/trusted-keys/trusted_tpm1.c
+17
-17
security/keys/trusted-keys/trusted_tpm1.c
···
68
68
}
69
69
70
70
ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
71
-
kzfree(sdesc);
71
+
kfree_sensitive(sdesc);
72
72
return ret;
73
73
}
74
74
···
112
112
if (!ret)
113
113
ret = crypto_shash_final(&sdesc->shash, digest);
114
114
out:
115
-
kzfree(sdesc);
115
+
kfree_sensitive(sdesc);
116
116
return ret;
117
117
}
118
118
···
166
166
paramdigest, TPM_NONCE_SIZE, h1,
167
167
TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
168
168
out:
169
-
kzfree(sdesc);
169
+
kfree_sensitive(sdesc);
170
170
return ret;
171
171
}
172
172
EXPORT_SYMBOL_GPL(TSS_authhmac);
···
251
251
if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
252
252
ret = -EINVAL;
253
253
out:
254
-
kzfree(sdesc);
254
+
kfree_sensitive(sdesc);
255
255
return ret;
256
256
}
257
257
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
···
353
353
if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
354
354
ret = -EINVAL;
355
355
out:
356
-
kzfree(sdesc);
356
+
kfree_sensitive(sdesc);
357
357
return ret;
358
358
}
359
359
···
563
563
*bloblen = storedsize;
564
564
}
565
565
out:
566
-
kzfree(td);
566
+
kfree_sensitive(td);
567
567
return ret;
568
568
}
569
569
···
1031
1031
if (!ret && options->pcrlock)
1032
1032
ret = pcrlock(options->pcrlock);
1033
1033
out:
1034
-
kzfree(datablob);
1035
-
kzfree(options);
1034
+
kfree_sensitive(datablob);
1035
+
kfree_sensitive(options);
1036
1036
if (!ret)
1037
1037
rcu_assign_keypointer(key, payload);
1038
1038
else
1039
-
kzfree(payload);
1039
+
kfree_sensitive(payload);
1040
1040
return ret;
1041
1041
}
1042
1042
···
1045
1045
struct trusted_key_payload *p;
1046
1046
1047
1047
p = container_of(rcu, struct trusted_key_payload, rcu);
1048
-
kzfree(p);
1048
+
kfree_sensitive(p);
1049
1049
}
1050
1050
1051
1051
/*
···
1087
1087
ret = datablob_parse(datablob, new_p, new_o);
1088
1088
if (ret != Opt_update) {
1089
1089
ret = -EINVAL;
1090
-
kzfree(new_p);
1090
+
kfree_sensitive(new_p);
1091
1091
goto out;
1092
1092
}
1093
1093
1094
1094
if (!new_o->keyhandle) {
1095
1095
ret = -EINVAL;
1096
-
kzfree(new_p);
1096
+
kfree_sensitive(new_p);
1097
1097
goto out;
1098
1098
}
1099
1099
···
1107
1107
ret = key_seal(new_p, new_o);
1108
1108
if (ret < 0) {
1109
1109
pr_info("trusted_key: key_seal failed (%d)\n", ret);
1110
-
kzfree(new_p);
1110
+
kfree_sensitive(new_p);
1111
1111
goto out;
1112
1112
}
1113
1113
if (new_o->pcrlock) {
1114
1114
ret = pcrlock(new_o->pcrlock);
1115
1115
if (ret < 0) {
1116
1116
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
1117
-
kzfree(new_p);
1117
+
kfree_sensitive(new_p);
1118
1118
goto out;
1119
1119
}
1120
1120
}
1121
1121
rcu_assign_keypointer(key, new_p);
1122
1122
call_rcu(&p->rcu, trusted_rcu_free);
1123
1123
out:
1124
-
kzfree(datablob);
1125
-
kzfree(new_o);
1124
+
kfree_sensitive(datablob);
1125
+
kfree_sensitive(new_o);
1126
1126
return ret;
1127
1127
}
1128
1128
···
1154
1154
*/
1155
1155
static void trusted_destroy(struct key *key)
1156
1156
{
1157
-
kzfree(key->payload.data[0]);
1157
+
kfree_sensitive(key->payload.data[0]);
1158
1158
}
1159
1159
1160
1160
struct key_type key_type_trusted = {
+3
-3
security/keys/user_defined.c
+3
-3
security/keys/user_defined.c
···
82
82
*/
83
83
void user_free_preparse(struct key_preparsed_payload *prep)
84
84
{
85
-
kzfree(prep->payload.data[0]);
85
+
kfree_sensitive(prep->payload.data[0]);
86
86
}
87
87
EXPORT_SYMBOL_GPL(user_free_preparse);
88
88
···
91
91
struct user_key_payload *payload;
92
92
93
93
payload = container_of(head, struct user_key_payload, rcu);
94
-
kzfree(payload);
94
+
kfree_sensitive(payload);
95
95
}
96
96
97
97
/*
···
147
147
{
148
148
struct user_key_payload *upayload = key->payload.data[0];
149
149
150
-
kzfree(upayload);
150
+
kfree_sensitive(upayload);
151
151
}
152
152
153
153
EXPORT_SYMBOL_GPL(user_destroy);