[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0fe5dcaf078be61ef21c7f18b750c5dc14c69dd7.camel@perches.com>
Date: Tue, 07 Apr 2020 13:31:16 -0700
From: Joe Perches <joe@...ches.com>
To: Waiman Long <longman@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Cc: linux-mm@...ck.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Matthew Wilcox <willy@...radead.org>,
David Rientjes <rientjes@...gle.com>
Subject: Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive
data objects
On Tue, 2020-04-07 at 16:03 -0400, Waiman Long wrote:
> For kvmalloc'ed data object that contains sensitive information like
> cryptographic key, we need to make sure that the buffer is always
> cleared before freeing it. Using memset() alone for buffer clearing may
> not provide certainty as the compiler may compile it away. To be sure,
> the special memzero_explicit() has to be used.
>
> This patch introduces a new kvfree_sensitive() for freeing those
> sensitive data objects allocated by kvmalloc(). The relevnat places
> where kvfree_sensitive() can be used are modified to use it.
[]
> diff --git a/include/linux/mm.h b/include/linux/mm.h
[]
> @@ -757,6 +757,7 @@ static inline void *kvcalloc(size_t n, size_t size, gfp_t flags)
> }
>
> extern void kvfree(const void *addr);
> +extern void kvfree_sensitive(const void *addr, size_t len);
Why should size_t len be required?
Why not do what kzfree does and memset
the entire allocation? (area->size)
Powered by blists - more mailing lists