| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <466B1286-FF37-46D1-BBD9-FCE3CC1252B6@linux.dev> Date: Mon, 30 Sep 2024 15:08:42 +0200 From: Thorsten Blum <thorsten.blum@...ux.dev> To: Krzysztof Kozlowski <krzk@...nel.org> Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] w1: Use kfree_sensitive() instead of memset(0) and kfree() On 30. Sep 2024, at 14:15, Thorsten Blum <thorsten.blum@...ux.dev> wrote: > On 30. Sep 2024, at 13:50, Krzysztof Kozlowski <krzk@...nel.org> wrote: >> On 30/09/2024 13:44, Thorsten Blum wrote: >>> Use kfree_sensitive() to simplify w1_unref_slave() and remove the >>> following Coccinelle/coccicheck warning reported by >>> kfree_sensitive.cocci: >>> >>> WARNING opportunity for kfree_sensitive/kvfree_sensitive >> >> So are you fixing coccinelle just to hide the warning or actually fixing >> issue? Why this structure should be zeroed? > > No issue, just a refactoring (+zeroing out) to silence the warning. The > structure probably doesn't need to be zeroed out, but why is it done > for DEBUG builds? > >>> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev> >>> --- >>> Please note: this change assumes that #ifdef DEBUG is no longer needed >>> and we should always zero out the memory. >> >> But why are you assuming that? Your patch is not equivalent and I do not >> see any explanation in commit msg why is that. Sorry, just ignore this patch for now. I misread the code and mixed things up. Thanks, Thorsten
Powered by blists - more mailing lists