lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 16 Feb 2009 14:56:43 +0100
From:	Johannes Weiner <hannes@...xchg.org>
To:	Pekka J Enberg <penberg@...helsinki.fi>
Cc:	"Kirill A. Shutemov" <kirill@...temov.name>,
	Christoph Lameter <cl@...ux-foundation.org>,
	Matt Mackall <mpm@...enic.com>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, linux-crypto@...r.kernel.org,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Geert.Uytterhoeven@...ycom.com
Subject: Re: [PATCH] Export symbol ksize()

On Tue, Feb 10, 2009 at 04:06:53PM +0200, Pekka J Enberg wrote:
> On Tue, Feb 10, 2009 at 03:35:03PM +0200, Pekka Enberg wrote:
> > > We unexported ksize() because it's a problematic interface and you
> > > almost certainly want to use the alternatives (e.g. krealloc). I think
> > > I need bit more convincing to apply this patch...
>  
> On Tue, 10 Feb 2009, Kirill A. Shutemov wrote:
> > It just a quick fix. If anybody knows better solution, I have no
> > objections.
> 
> Herbert, what do you think of this (untested) patch? Alternatively, we 
> could do something like kfree_secure() but it seems overkill for this one 
> call-site.

There are more callsites which do memset() + kfree():

	arch/s390/crypto/prng.c
	drivers/s390/crypto/zcrypt_pcixcc.c
	drivers/md/dm-crypt.c
	drivers/usb/host/hwa-hc.c
	drivers/usb/wusbcore/cbaf.c
	(drivers/w1/w1{,_int}.c)
	fs/cifs/misc.c
	fs/cifs/connect.c
	fs/ecryptfs/keystore.c
	fs/ecryptfs/messaging.c
	net/atm/mpoa_caches.c

How about the attached patch?  One problem is that zeroing ksize()
bytes can have an overhead of nearly twice the actual allocation size.

So we would need an interface that lets the caller pass in either a
number of bytes it wants to have zeroed out or say idontknow.

Perhaps add a size parameter that is cut to ksize() if it's too big?
Or (ssize_t)-1 for figureitoutyourself?

	Hannes

---
Subject: slab: introduce kzfree()

kzfree() is a wrapper for kfree() that additionally zeroes the
underlying memory before releasing it to the slab allocator.

---
 include/linux/slab.h |    1 +
 mm/util.c            |   20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -127,6 +127,7 @@ int kmem_ptr_validate(struct kmem_cache 
 void * __must_check __krealloc(const void *, size_t, gfp_t);
 void * __must_check krealloc(const void *, size_t, gfp_t);
 void kfree(const void *);
+void kzfree(const void *);
 size_t ksize(const void *);
 
 /*
--- a/mm/util.c
+++ b/mm/util.c
@@ -129,6 +129,26 @@ void *krealloc(const void *p, size_t new
 }
 EXPORT_SYMBOL(krealloc);
 
+/**
+ * kzfree - like kfree but zero memory
+ * @p: object to free memory of
+ * @zsize: size of the memory region to zero
+ *
+ * The memory of the object @p points to is zeroed before freed.
+ * If @p is %NULL, kzfree() does nothing.
+ */
+void kzfree(const void *p)
+{
+	size_t ks;
+	void *mem = (void *)p;
+
+	if (unlikely(ZERO_OR_NULL_PTR(mem)))
+		return;
+	ks = ksize(mem);
+	memset(mem, 0, ks);
+	kfree(mem);
+}
+
 /*
  * strndup_user - duplicate an existing string from user space
  * @s: The string to duplicate
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ