lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fc0c13df-a0a6-4cf7-badc-c08a9a7054f6@kernel.org>
Date: Mon, 30 Sep 2024 13:50:01 +0200
From: Krzysztof Kozlowski <krzk@...nel.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] w1: Use kfree_sensitive() instead of memset(0) and
 kfree()

On 30/09/2024 13:44, Thorsten Blum wrote:
> Use kfree_sensitive() to simplify w1_unref_slave() and remove the
> following Coccinelle/coccicheck warning reported by
> kfree_sensitive.cocci:
> 
>   WARNING opportunity for kfree_sensitive/kvfree_sensitive

So are you fixing coccinelle just to hide the warning or actually fixing
issue? Why this structure should be zeroed?

> 
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> ---
> Please note: this change assumes that #ifdef DEBUG is no longer needed
> and we should always zero out the memory.

But why are you assuming that? Your patch is not equivalent and I do not
see any explanation in commit msg why is that.

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ