1 files changed, 8 insertions, 4 deletions

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 4cc3809b2a3a..971241409c30 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2058,9 +2058,6 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
 
         ret = crypt_setkey(cc);
 
-        /* wipe the kernel key payload copy in each case */
-        memset(cc->key, 0, cc->key_size * sizeof(u8));
-
         if (!ret) {
                 set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
                 kzfree(cc->key_string);
@@ -2528,6 +2525,10 @@ static int crypt_ctr_cipher(struct dm_target *ti, char *cipher_in, char *key)
                 }
         }
 
+        /* wipe the kernel key payload copy */
+        if (cc->key_string)
+                memset(cc->key, 0, cc->key_size * sizeof(u8));
+
         return ret;
 }
 
@@ -2966,6 +2967,9 @@ static int crypt_message(struct dm_target *ti, unsigned argc, char **argv)
                                 return ret;
                         if (cc->iv_gen_ops && cc->iv_gen_ops->init)
                                 ret = cc->iv_gen_ops->init(cc);
+                        /* wipe the kernel key payload copy */
+                        if (cc->key_string)
+                                memset(cc->key, 0, cc->key_size * sizeof(u8));
                         return ret;
                 }
                 if (argc == 2 && !strcasecmp(argv[1], "wipe")) {
@@ -3012,7 +3016,7 @@ static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits)
 
 static struct target_type crypt_target = {
         .name   = "crypt",
-        .version = {1, 18, 0},
+        .version = {1, 18, 1},
         .module = THIS_MODULE,
         .ctr    = crypt_ctr,
         .dtr    = crypt_dtr,