Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4760821ybb;
        Tue, 7 Apr 2020 14:02:32 -0700 (PDT)
X-Google-Smtp-Source: APiQypK/jrHyJRo2OqXzg2xLD/o8eEvfdTS6qMjicLGUR70kdsnDWVFyxpCWNLRg4gNBUGZ24TLS
X-Received: by 2002:a05:6830:1d90:: with SMTP id y16mr3347227oti.157.1586293352326;
        Tue, 07 Apr 2020 14:02:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586293352; cv=none;
        d=google.com; s=arc-20160816;
        b=GIZVbri9273vtbHFl+m1PTem9GN7sseWjew0MHOVQOUp91iQG1dsu5OvOFJUEldB9w
         aKLzWE9LWKmP25o68jNMNkCGht2stf/NaM2APovEWBKGzXleLtvq1qxFQSx8sWbOuaLe
         GtLdSIeqd685x70mB0fertJyAi07ecWm4m3D6hHhiWwGaMcW1vjmwkAONpl038Ff2MZQ
         gOi0YX1Hds74vPUZUU8u42pJQpK+A1/Hywn3URTD566oyX7vRNWvvIM38pwSbbNHu4XZ
         K0YhqrVb/WfQDCCOP/EEyrlX/zqLh2SMpT4g6XLx+Q9jlAKC86F3vaX0kNB3XbuKA93I
         MlRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=epjd3hRndDDxUzNxhGw+kNUEWswsyoCP1k+ltMRz2F0=;
        b=0lMXOeSguTVIO941FP9hYCGkbW5LCvzvnsM6q2gqk0AeTKsvdKEB8HIIaTLtLN8xRB
         GExpLs2HEI0t4nOW75Zz+Vi91FYDVZKt3gOwhfRjfZy/cl+acwHmXyauTzkLcOMjS9Em
         pXdIMYlFlIb6xzizx+RyiNg7cuhjhQQXDDUnB6qYgdQGi2ruLn+KDxTaPITf6QCtBD7e
         JuY9HsEyXCoqgxfMCzEbHDeElhdr+U4GIsHNm6Voof22gL7cAmeu9sw2r3h3FCXuVM0V
         UFHo36mBdQniQ74jb/i4lGMUvubr+XQzZvARJpah1LeJspYmngCBGz8lAFjJAj3O1oVb
         5oZw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Rea+dN4P;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 5si1509425oin.43.2020.04.07.14.02.17;
        Tue, 07 Apr 2020 14:02:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Rea+dN4P;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726421AbgDGVBY (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Tue, 7 Apr 2020 17:01:24 -0400
Received: from mail-lf1-f66.google.com ([209.85.167.66]:34362 "EHLO
        mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726403AbgDGVBX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 7 Apr 2020 17:01:23 -0400
Received: by mail-lf1-f66.google.com with SMTP id x23so3505109lfq.1
        for <linux-kernel@vger.kernel.org>; Tue, 07 Apr 2020 14:01:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=epjd3hRndDDxUzNxhGw+kNUEWswsyoCP1k+ltMRz2F0=;
        b=Rea+dN4Po4ublGuumqEu1Z9YdmnTeD34HLjcUPAn4kHYHWLUNPIQ/VZCsT6xyf8JiS
         bmcrncrGMpFp3ozkp1oN3IxqZ435NGWt/x7uln8afuzN0jgjeD5EbAAwriXLYujNsWDj
         hGtKlgxlKKZWInJKxtH5YVmPqsKEobcBPvotE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=epjd3hRndDDxUzNxhGw+kNUEWswsyoCP1k+ltMRz2F0=;
        b=cPdaQWXj08G39/LHQAYJBAu4mFgoZNIEel1r7WVQtZ4gBVWT0GXSqONkBNVztxs0Eq
         xyXv9Iw7+BDtGfRE0VqzGUzp/3QFSVbx0DQbegbe/U2Y/oIZ6NVZ+6P9Cmj6yUiB3N2e
         uNzQn63zCuh6LojVa5Id552/NLNNoHkjIvxwyPSo9UCB0D/odWGWSnfHT/wt2rpvD3ei
         v2Fya6VKqD1xVL4IobzuIEJmrWL+mvquoSZjZ5BV0FP7pY2vDpRcShIfj6I+L86iEuXf
         NXu76ksi4C/PrlUuFBoaLeEv0OJNrAM+W4R+G1Aom8hLeRtvPecpbU3xddf9QKqTVgUH
         S5kw==
X-Gm-Message-State: AGi0PuZvTYYe1RlwlL/nVR67IbnXgX/ZUlkw9MztpLCnEYEVdrkAYbwV
        4m4aRupF2N6o/e/9gGoZr1zFVrZ+GNI=
X-Received: by 2002:a19:494f:: with SMTP id l15mr2518612lfj.33.1586293279685;
        Tue, 07 Apr 2020 14:01:19 -0700 (PDT)
Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com. [209.85.208.178])
        by smtp.gmail.com with ESMTPSA id o2sm12314195ljm.2.2020.04.07.14.01.17
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 07 Apr 2020 14:01:17 -0700 (PDT)
Received: by mail-lj1-f178.google.com with SMTP id z26so1203288ljz.11
        for <linux-kernel@vger.kernel.org>; Tue, 07 Apr 2020 14:01:17 -0700 (PDT)
X-Received: by 2002:a05:651c:50e:: with SMTP id o14mr2769380ljp.241.1586293277007;
 Tue, 07 Apr 2020 14:01:17 -0700 (PDT)
MIME-Version: 1.0
References: <20200407200318.11711-1-longman@redhat.com> <0fe5dcaf078be61ef21c7f18b750c5dc14c69dd7.camel@perches.com>
 <67c51b03-192c-3006-5071-452f351aee67@redhat.com>
In-Reply-To: <67c51b03-192c-3006-5071-452f351aee67@redhat.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 7 Apr 2020 14:01:01 -0700
X-Gmail-Original-Message-ID: <CAHk-=whV5Z4XioUOW0UM-PBrW7iqb0HwWKQU5Vn8b5pmsDm=Ww@mail.gmail.com>
Message-ID: <CAHk-=whV5Z4XioUOW0UM-PBrW7iqb0HwWKQU5Vn8b5pmsDm=Ww@mail.gmail.com>
Subject: Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects
To:     Waiman Long <longman@redhat.com>
Cc:     Joe Perches <joe@perches.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        David Howells <dhowells@redhat.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Linux-MM <linux-mm@kvack.org>, keyrings@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Matthew Wilcox <willy@infradead.org>,
        David Rientjes <rientjes@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 7, 2020 at 1:45 PM Waiman Long <longman@redhat.com> wrote:
>
> If the memory is really virtually mapped, the only way to find out the
> size of the object is to use find_vm_area() which can be relatively high
> cost and no simple helper function is available.

We _could_ just push it down to a "vfree_sensitive()", and do it
inside the vfree logic. That ends up obviously figuring out the size
of the area eventually.

But since the vmalloc data structures fundamentally aren't irq-safe,
vfree() actually has magical things like "if called in an interrupt,
we'll delay it to work context".

So that "eventually" can be quite a bit later, and it would delay the
overwriting of the sensitive data if we did that.

So this patch does end up simpler, but for vfree data it is actually
technically the better approach too (since overwriting the sensitive
data asap is what you want).

            Linus