From 0d857f441ce384990ed31aa08283396fe11f9963 Mon Sep 17 00:00:00 2001
From: Yuriy Umanets
Date: Thu, 10 Mar 2022 12:20:36 +0200
Subject: [PATCH] bdev/crypto: Zero out key and key2 before release.

Even released memory contains key and key2 until it is re-allocated for other purposes. Zero out key and key2 when not longer needed.

Signed-off-by: Yuriy Umanets
Change-Id: If80f3faeb98b5b5acab7f2f857f284909247d1ac
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/11877
Community-CI: Broadcom CI
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins
Reviewed-by: Ben Walker
Reviewed-by: Shuhei Matsumoto
Reviewed-by: Aleksey Marchuk
---
 module/bdev/crypto/vbdev_crypto.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/module/bdev/crypto/vbdev_crypto.c b/module/bdev/crypto/vbdev_crypto.c
index 6d9d32069..7927c6868 100644
--- a/module/bdev/crypto/vbdev_crypto.c
+++ b/module/bdev/crypto/vbdev_crypto.c
@@ -1693,11 +1693,17 @@ vbdev_crypto_insert_name(const char *bdev_name, const char *vbdev_name,
 
 /* Error cleanup paths. */
 error_cipher:
- free(name->key2);
+ if (name->key2) {
+ memset(name->key2, 0, strlen(name->key2));
+ free(name->key2);
+ }
 error_alloc_key2:
 error_invalid_key2:
 error_invalid_key:
- free(name->key);
+ if (name->key) {
+ memset(name->key, 0, strlen(name->key));
+ free(name->key);
+ }
 error_alloc_key:
 error_invalid_pmd:
 free(name->drv_name);
@@ -1759,10 +1765,14 @@ vbdev_crypto_finish(void)
 while ((name = TAILQ_FIRST(&g_bdev_names))) {
 TAILQ_REMOVE(&g_bdev_names, name, link);
 free(name->drv_name);
+ memset(name->key, 0, strlen(name->key));
 free(name->key);
 free(name->bdev_name);
 free(name->vbdev_name);
- free(name->key2);
+ if (name->key2) {
+ memset(name->key2, 0, strlen(name->key2));
+ free(name->key2);
+ }
 free(name);
 }
 
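Review bot: The wipes added under `error_cipher:` and `error_invalid_key:` use plain `memset` directly before `free`, which a compiler may drop as a dead store, so the key bytes can still be left in the released heap block. A wipe that cannot be elided is needed, for example `explicit_bzero(name->key2, strlen(name->key2));` where the platform provides it, or a store through a volatile pointer otherwise. The same pattern is repeated in the vbdev_crypto_finish and delete_crypto_disk hunks. The body of vbdev_crypto_insert_name starts and ends outside this hunk, so how `key` and `key2` are allocated is not visible here.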
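Review bot: `memset(name->key, 0, strlen(name->key));` in the vbdev_crypto_finish loop dereferences `name->key` unconditionally, while `key2` a few lines below is guarded and the previous bare `free(name->key)` tolerated NULL. If every entry on `g_bdev_names` is guaranteed to carry a key (not shown in this hunk), a short comment such as `/* key is always set for entries on g_bdev_names */` would record that; otherwise guard it the same way as `key2`. The delete_crypto_disk hunk has the same unguarded call. Separately, `strlen` stops at the first NUL, so the wipe relies on the key being held as a NUL-terminated string that fills its allocation.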
@@ -2119,8 +2129,12 @@ delete_crypto_disk(struct spdk_bdev *bdev, spdk_delete_crypto_complete cb_fn,
 free(name->bdev_name);
 free(name->vbdev_name);
 free(name->drv_name);
+ memset(name->key, 0, strlen(name->key));
 free(name->key);
- free(name->key2);
+ if (name->key2) {
+ memset(name->key2, 0, strlen(name->key2));
+ free(name->key2);
+ }
 free(name);
 break;
 }
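Review bot: The wipe-then-free sequence is now written out six times across the three cleanup sites in this file, unguarded for `key` and guarded for `key2` here, which makes it easy for one site to drift from the others when the wipe is later changed. A small static helper that accepts NULL, wipes with a call the compiler cannot elide and then frees would reduce each site to one line per key; the helper name below is only a suggestion, and `explicit_bzero` availability on all supported platforms should be confirmed. The enclosing loop in delete_crypto_disk starts and ends outside the hunk.

```c
/* Wipe a NUL-terminated key string before releasing it; NULL is accepted. */
static void
vbdev_crypto_key_free(char *key)
{
	if (key == NULL) {
		return;
	}
	/* Unlike memset() right before free(), this store is not removed as dead. */
	explicit_bzero(key, strlen(key));
	free(key);
}

/* ... unchanged: free(name->bdev_name), free(name->vbdev_name), free(name->drv_name) ... */
	vbdev_crypto_key_free(name->key);
	vbdev_crypto_key_free(name->key2);
	free(name);
```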