lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20250523133057.4025075-1-zilin@seu.edu.cn>
Date: Fri, 23 May 2025 13:30:57 +0000
From: Zilin Guan <zilin@....edu.cn>
To: qianweili@...wei.com
Cc: wangzhou1@...ilicon.com,
	herbert@...dor.apana.org.au,
	davem@...emloft.net,
	linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	jianhao.xu@....edu.cn,
	Zilin Guan <zilin@....edu.cn>
Subject: [PATCH] crypto: hisilicon: use kfree_sensitive() for pool cleanup

The error path of hisi_acc_create_sgl_pool() already calls
kfree_sensitive() to wipe sensitive data before freeing the pool.
However, hisi_acc_free_sgl_pool() currently uses plain kfree(), which
may leave secrets behind in memory and undo the protection applied
during creation.

This patch replaces kfree() with kfree_sensitive() in
hisi_acc_free_sgl_pool(), ensuring that all SGL pool deallocations
securely clear their contents.

Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
 drivers/crypto/hisilicon/sgl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/hisilicon/sgl.c b/drivers/crypto/hisilicon/sgl.c
index c974f95cd126..6a88a2056708 100644
--- a/drivers/crypto/hisilicon/sgl.c
+++ b/drivers/crypto/hisilicon/sgl.c
@@ -151,7 +151,7 @@ void hisi_acc_free_sgl_pool(struct device *dev, struct hisi_acc_sgl_pool *pool)
 		dma_free_coherent(dev, block[i].size, block[i].sgl,
 				  block[i].sgl_dma);
 
-	kfree(pool);
+	kfree_sensitive(pool);
 }
 EXPORT_SYMBOL_GPL(hisi_acc_free_sgl_pool);
 
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ