lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Feb 2009 18:28:55 +0000 (GMT)
From:	Hugh Dickins <hugh@...itas.com>
To:	Matt Mackall <mpm@...enic.com>
cc:	Pekka Enberg <penberg@...helsinki.fi>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	David Vrabel <david.vrabel@....com>,
	Johannes Weiner <hannes@...xchg.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Chas Williams <chas@....nrl.navy.mil>,
	Evgeniy Polyakov <johnpol@....mipt.ru>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org,
	Christoph Lameter <cl@...ux-foundation.org>,
	Nick Piggin <npiggin@...e.de>
Subject: Re: [patch 1/7] slab: introduce kzfree()

On Thu, 19 Feb 2009, Matt Mackall wrote:
> On Thu, 2009-02-19 at 16:34 +0000, Hugh Dickins wrote:
> > On Thu, 19 Feb 2009, Pekka Enberg wrote:
> > > On Thu, 2009-02-19 at 10:22 +0900, KOSAKI Motohiro wrote:
> > > > 
> > > > poisonig is transparent feature from caller.
> > > > but the caller of kzfree() know to fill memory and it should know.
> > > 
> > > Debatable, sure, but doesn't seem like a big enough reason to make
> > > kzfree() differ from kfree().
> > 
> > There may be more important things for us to worry about,
> > but I do strongly agree with KOSAKI-san on this.
> > 
> > kzfree() already differs from kfree() by a "z": that "z" says please
> > zero the buffer pointed to; "const" says it won't modify the buffer
> > pointed to.  What sense does kzfree(const void *) make?  Why is
> > keeping the declarations the same apart from the "z" desirable?
> > 
> > By all means refuse to add kzfree(), but please don't add it with const.
> > 
> > I can see that the "const" in kfree(const void *) is debatable
> > [looks to see how userspace free() is defined: without a const],
> > I can see that it might be nice to have some "goesaway" attribute
> > for such pointers instead; but I don't see how you can argue for
> > kzalloc(const void *).
    ^^^^^^^^^^^^^^^^^^^^^
(Of course I meant to say "kzfree(const void *)" there.)

> 
> This is what Linus said last time this came up:
> 
> http://lkml.org/lkml/2008/1/16/227

Thanks for that, I remember it now.

Okay, that's some justification for kfree(const void *).

But I fail to see it as a justification for kzfree(const void *):
if someone has "const char *string = kmalloc(size)" and then
wants that string zeroed before it is freed, then I think it's
quite right to cast out the const when calling kzfree().

Hugh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ