[PATCH] KEYS: trusted: dcp: Use kfree_sensitive() to fix Coccinelle warnings

Bo Liu Thu, 20 Mar 2025 08:26:35 -0700

Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
warnings reported by Coccinelle:


WARNING opportunity for kfree_sensitive/kvfree_sensitive
WARNING opportunity for kfree_sensitive/kvfree_sensitive

Signed-off-by: Bo Liu <liub...@inspur.com>
---
 security/keys/trusted-keys/trusted_dcp.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/security/keys/trusted-keys/trusted_dcp.c 
b/security/keys/trusted-keys/trusted_dcp.c
index 7b6eb655df0c..c967837e72ee 100644
--- a/security/keys/trusted-keys/trusted_dcp.c
+++ b/security/keys/trusted-keys/trusted_dcp.c
@@ -233,8 +233,7 @@ static int trusted_dcp_seal(struct trusted_key_payload *p, 
char *datablob)
        ret = 0;
 
 out:
-       memzero_explicit(plain_blob_key, AES_KEYSIZE_128);
-       kfree(plain_blob_key);
+       kfree_sensitive(plain_blob_key);
 
        return ret;
 }
@@ -283,8 +282,7 @@ static int trusted_dcp_unseal(struct trusted_key_payload 
*p, char *datablob)
        ret = 0;
 out:
        if (plain_blob_key) {
-               memzero_explicit(plain_blob_key, AES_KEYSIZE_128);
-               kfree(plain_blob_key);
+               kfree_sensitive(plain_blob_key);
        }
 
        return ret;
-- 
2.31.1

[PATCH] KEYS: trusted: dcp: Use kfree_sensitive() to fix Coccinelle warnings

Reply via email to