Subject: Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects
From: Joe Perches
To: Waiman Long, Andrew Morton, David Howells, Jarkko Sakkinen, James Morris, "Serge E. Hallyn"
Cc: linux-mm@kvack.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds, Matthew Wilcox, David Rientjes
Date: Tue, 07 Apr 2020 13:31:16 -0700
Message-ID: <0fe5dcaf078be61ef21c7f18b750c5dc14c69dd7.camel@perches.com>
In-Reply-To: <20200407200318.11711-1-longman@redhat.com>

On Tue, 2020-04-07 at 16:03 -0400, Waiman Long wrote:
> For kvmalloc'ed data object that contains sensitive information like
> cryptographic key, we need to make sure that the buffer is always
> cleared before freeing it. Using memset() alone for buffer clearing may
> not provide certainty as the compiler may compile it away. To be sure,
> the special memzero_explicit() has to be used.
>
> This patch introduces a new kvfree_sensitive() for freeing those
> sensitive data objects allocated by kvmalloc(). The relevant places
> where kvfree_sensitive() can be used are modified to use it.

[]

> diff --git a/include/linux/mm.h b/include/linux/mm.h [] > @@ -757,6 +757,7 @@ static inline void *kvcalloc(size_t n, size_t size, gfp_t flags) > } > > extern void kvfree(const void *addr); > +extern void kvfree_sensitive(const void *addr, size_t len);

Why should size_t len be required?

Why not do what kzfree does and memset the entire allocation? (area->size)
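
Review bot: In the include/linux/mm.h hunk, the added kvfree_sensitive(const void *addr, size_t len) prototype carries no comment stating what len must be. The description says the buffer is cleared before it is freed, so a caller that passes a len shorter than the object would leave the tail uncleared; a short comment beside the prototype should say that len must cover the whole sensitive object and whether a NULL addr is accepted. The addr parameter is also const-qualified, mirroring kvfree() on the line above, although this function is meant to write through the pointer; either note that in the comment or drop the const.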
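
The difference the reply raises, between clearing a caller-supplied length and clearing the whole allocation, shown as an added userspace example. It is not code from the patch or from the kernel; zero_explicit, toy_alloc, toy_free_sensitive and leftover are hypothetical names, and the 48-byte secret with a stale length of 32 is a constructed case.

```c
#include <stddef.h>
#include <string.h>

/* memset() plus a compiler barrier so the stores cannot be dropped as dead
 * stores (GCC/Clang inline asm assumed). */
static void zero_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Hypothetical slot allocator. Storage is static, so a released slot can be
 * inspected without reading freed heap memory. */
#define SLOTS 4
#define SLOT_SZ 64
static unsigned char pool[SLOTS * SLOT_SZ];
static size_t slot_len[SLOTS];              /* 0 means the slot is free */

static unsigned char *toy_alloc(size_t n)
{
    if (n == 0 || n > SLOT_SZ) return NULL;
    for (size_t i = 0; i < SLOTS; i++)
        if (slot_len[i] == 0) { slot_len[i] = n; return pool + i * SLOT_SZ; }
    return NULL;
}

/* trust_len != 0: clear only the caller's len bytes. Otherwise clear the
 * size the allocator recorded for the object. */
static void toy_free_sensitive(unsigned char *p, size_t len, int trust_len)
{
    size_t i = (size_t)(p - pool) / SLOT_SZ;
    zero_explicit(p, trust_len ? len : slot_len[i]);
    slot_len[i] = 0;
}

/* Constructed case: a 48-byte secret released with a stale length of 32.
 * Returns how many secret bytes are still readable in the slot. */
static size_t leftover(int trust_len)
{
    unsigned char *k = toy_alloc(48);
    size_t left = 0;
    if (!k) return (size_t)-1;
    memset(k, 0xA5, 48);
    toy_free_sensitive(k, 32, trust_len);
    for (size_t i = 0; i < 48; i++) left += (k[i] != 0);
    return left;
}

int main(void) { return !(leftover(1) == 16 && leftover(0) == 0); }
```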