security/apparmor: use kfree_sensitive() in unpack_secmark()
authorZilin Guan <zilin@seu.edu.cn>
Fri, 18 Apr 2025 04:52:50 +0000 (04:52 +0000)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 17 May 2025 08:20:25 +0000 (01:20 -0700)
commit2b270e2f43d7498ba00117c60d196435983d83d7
treeaf8a4fadd641df64124013cf8d9f3a8d47e847a9
parent3e45553acb14692519db853e4b5be35b45e46ad0
security/apparmor: use kfree_sensitive() in unpack_secmark()

The unpack_secmark() function currently uses kfree() to release memory
allocated for secmark structures and their labels. However, if a failure
occurs after partially parsing secmark, sensitive data may remain in
memory, posing a security risk.

To mitigate this, replace kfree() with kfree_sensitive() for freeing
secmark structures and their labels, aligning with the approach used
in free_ruleset().

I am submitting this as an RFC to seek freedback on whether this change
is appropriate and aligns with the subsystem's expectations. If
confirmed to be helpful, I will send a formal patch.

Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy_unpack.c