From: Jarkko Sakkinen <jarkko@kernel.org>
To: Gunnar Kudrjavets <gunnarku@amazon.com>
Cc: peterhuewe@gmx.de, jgg@ziepe.ca,
James.Bottomley@hansenpartnership.com, ardb@kernel.org,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
Justinien Bouron <jbouron@amazon.com>
Subject: Re: [PATCH] tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
Date: Wed, 15 Apr 2026 05:22:24 +0300 [thread overview]
Message-ID: <ad72YI-lJJQWHJ_a@kernel.org> (raw)
In-Reply-To: <20260409172108.11600-1-gunnarku@amazon.com>
On Thu, Apr 09, 2026 at 05:20:54PM +0000, Gunnar Kudrjavets wrote:
> tpm_dev_release() uses plain kfree() to free chip->auth, which contains
> sensitive cryptographic material including HMAC session keys, nonces,
> and passphrase data (struct tpm2_auth).
>
> Every other code path that frees this structure uses kfree_sensitive()
> to zero the memory before releasing it: both tpm2_end_auth_session()
> and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path
> is the only one that does not, leaving key material in freed slab
> memory until it is eventually overwritten.
>
> Use kfree_sensitive() for consistency with the rest of the driver and
> to ensure session keys are scrubbed during device teardown.
>
> Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
> Signed-off-by: Gunnar Kudrjavets <gunnarku@amazon.com>
> Reviewed-by: Justinien Bouron <jbouron@amazon.com>
> ---
> drivers/char/tpm/tpm-chip.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index 082b910ddf0d..17d9d71774ec 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -247,7 +247,7 @@ static void tpm_dev_release(struct device *dev)
> kfree(chip->work_space.context_buf);
> kfree(chip->work_space.session_buf);
> #ifdef CONFIG_TCG_TPM2_HMAC
> - kfree(chip->auth);
> + kfree_sensitive(chip->auth);
> #endif
> kfree(chip);
> }
>
> base-commit: 03e5553f5fb99cb47c315e167a604a9c69e6f724
> --
> 2.47.3
>
Applied.
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
prev parent reply other threads:[~2026-04-15 2:22 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 17:20 [PATCH] tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() Gunnar Kudrjavets
2026-04-15 2:22 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad72YI-lJJQWHJ_a@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=gunnarku@amazon.com \
--cc=jbouron@amazon.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.