On Sun, 2020-06-14 at 22:42 +0300, Denis Efremov wrote: > On 6/4/20 7:27 PM, Joe Perches wrote: > > On Thu, 2020-06-04 at 17:08 +0300, Denis Efremov wrote: > > > Check for memset() with 0 followed by kfree(). > > > > Perhaps those uses should be memzero_explicit or kvfree_sensitive. > > > Is it safe to suggest to use kzfree instead of memzero_explicit && kfree? > Or it would be better to use kvfree_sensitive in this case. > kzfree uses memset(0) with no barrier_data. > > For example: > diff -u -p a/drivers/crypto/inside-secure/safexcel_hash.c > b/drivers/crypto/inside-secure/safexcel_hash.c [] > @@ -1081,8 +1081,7 @@ static int safexcel_hmac_init_pad(struct > } > > /* Avoid leaking */ > - memzero_explicit(keydup, keylen); > - kfree(keydup); > + kzfree(keydup);
It would be better to use kvfree_sensitive() _______________________________________________ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci