Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4779242ybb;
        Tue, 7 Apr 2020 14:25:36 -0700 (PDT)
X-Google-Smtp-Source: APiQypI+F0nYlBINNKno5yWnezQfJ1Fm0pb66lPCfBp3nfbr26WOjjXTamxrAevIVAerw5aoxvna
X-Received: by 2002:a05:6830:4006:: with SMTP id h6mr1910564ots.304.1586294736662;
        Tue, 07 Apr 2020 14:25:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586294736; cv=none;
        d=google.com; s=arc-20160816;
        b=V8ZbRiDIEci5hcYWetrZhA8bRhVhB1kiPYgDGx0F5mYP26OlNZjxgrulz2LC0RrTwc
         u5lEOhryLDDhr8IfbEYiCW2x72ZbCfJPsaU8ZLFx1DpT3jh5sdtDVkZVs46aZht9WGeu
         f7WgrGHppX0hKqV2V/QJiZQDMWBcA884HYVjRMPPHe0eJ8QDB/C0LNd/F/q2Y0xE3xnJ
         F2g4+O6G1ZeOGzZaa1NyLmeaNTF8EAByGtq9rJmZe95CtwYU5lxrDZgo9T+DhHpeQQV8
         bTgUtVj+HZQ/FqzXr9CHjQmwmuUpTe+KCmWwV3mYUHbxPIo5jUzK/8m31iSrGyDLOPXA
         MgcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=VqAA90EFEqaZqtfJsahs6rAmiP9w+6pABhPEUrk2J0s=;
        b=pxbmdZFotaxySm/VXpmDHJ1KpHfZ6FMc6Bcg/sHDlJplJyboofRXBCkmP8jkNzsEcR
         frlIyzLkL5XcYiDQr4e5MFxSKJQAAbECPLfITaFwxLfRzWVwf07Se7Rptk9YeT0XsXAE
         RVu5yFiDZt6Nlb9hR1H4swDQdLVZECKhU5U6TN5LTbLE8aRUsTpNp/BUmlitEgIkCP8m
         CaMtfu3apZk38bN99eY/DAy3Al0s+Ti3Xr5xWl6P3toXJNSPDbnnGlXnMPhA8fjDiAzn
         OdGW7TlcyN+5mccqEbZbZPKvz2QlqcmSZBVysAcu87hRrox8LmoHfc4YEV3DXUkzId+c
         kW2w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=cWtyAfRJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g203si1576346oif.38.2020.04.07.14.25.16;
        Tue, 07 Apr 2020 14:25:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=cWtyAfRJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726494AbgDGVW5 (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Tue, 7 Apr 2020 17:22:57 -0400
Received: from mail-lj1-f193.google.com ([209.85.208.193]:45533 "EHLO
        mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726386AbgDGVW5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 7 Apr 2020 17:22:57 -0400
Received: by mail-lj1-f193.google.com with SMTP id t17so5331729ljc.12
        for <linux-kernel@vger.kernel.org>; Tue, 07 Apr 2020 14:22:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=VqAA90EFEqaZqtfJsahs6rAmiP9w+6pABhPEUrk2J0s=;
        b=cWtyAfRJ6HZ9whZ7T1OwTqUkHj67UHyQLHNktG1URy3jMW58GkW80jxJjlj8gB7GhE
         3F0b04BHhGAUviItNAlVtNpm1kMC4wyjt5JtQfw/V+AcyE9EB5lvlfGHC0oM8Tdjg/zB
         YwojkZl7/nVdBy5im39XCep/6nxy8E2TkGYTI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=VqAA90EFEqaZqtfJsahs6rAmiP9w+6pABhPEUrk2J0s=;
        b=eQNlqbQSKmPICsgqEUA/QMd/rUf7BhAvTqFgLazIaEmoAEFYZJr9cUrAdPgTTyb13c
         thG81NqDQbAaoOWnnyPFOLSc3cHEsoULN6UXBQVs8I3ZznEcCQXdoYTfeomBS/WemYl+
         lG+gElcN6QHgUrtW5KZ+I9MecDwvlRw+8XWshGBZo0qSB8GXx7Q41nnC2qax/y6SO8bT
         QZmVwHhICIzkVSeShtwhsaH1On5YZiRYUhuXp8H/ucasZGkKYEG1dschr3nyjalQC/Xl
         l6w9D0bfPVqCQvpHZ9sPW1A1kfXw8USFr8URIzzntkGsEcNCaCk+d39uLJH80IiFbWFc
         PgLg==
X-Gm-Message-State: AGi0PuYfnMd4qs82NuePrvr8QVPKbwuuPrqBEcA0u4bcqLJzkzqJhzO7
        co6X0PVSoWWnREvBYceUGbk7pVVTsmk=
X-Received: by 2002:a2e:8746:: with SMTP id q6mr2831167ljj.13.1586294572377;
        Tue, 07 Apr 2020 14:22:52 -0700 (PDT)
Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com. [209.85.208.178])
        by smtp.gmail.com with ESMTPSA id x23sm12529072ljd.23.2020.04.07.14.22.50
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 07 Apr 2020 14:22:51 -0700 (PDT)
Received: by mail-lj1-f178.google.com with SMTP id q19so5341413ljp.9
        for <linux-kernel@vger.kernel.org>; Tue, 07 Apr 2020 14:22:50 -0700 (PDT)
X-Received: by 2002:a2e:a58e:: with SMTP id m14mr2888317ljp.204.1586294570185;
 Tue, 07 Apr 2020 14:22:50 -0700 (PDT)
MIME-Version: 1.0
References: <20200406185827.22249-1-longman@redhat.com> <c2c8adf48be7cb18bbdf0aef7d21e2defe3d2183.camel@perches.com>
 <CAHk-=wg_mkSc-pH8ntGHR=no9DOLRQyxdtU20p55DrM1su6QzA@mail.gmail.com>
 <CAHk-=wg2Vsb0JETo24=Tc-T2drwMopMRfKnc__r5SZ6tEnbwcA@mail.gmail.com> <699292.1586294051@warthog.procyon.org.uk>
In-Reply-To: <699292.1586294051@warthog.procyon.org.uk>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 7 Apr 2020 14:22:33 -0700
X-Gmail-Original-Message-ID: <CAHk-=whwaNvyd1q=h0nUQio9byojpxufGkOiVfAh10woRs8KSA@mail.gmail.com>
Message-ID: <CAHk-=whwaNvyd1q=h0nUQio9byojpxufGkOiVfAh10woRs8KSA@mail.gmail.com>
Subject: Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects
To:     David Howells <dhowells@redhat.com>
Cc:     Joe Perches <joe@perches.com>, Waiman Long <longman@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Linux-MM <linux-mm@kvack.org>, keyrings@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Matthew Wilcox <willy@infradead.org>,
        David Rientjes <rientjes@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 7, 2020 at 2:14 PM David Howells <dhowells@redhat.com> wrote:
>
> It might be worth asking the compiler folks to give us an __attribute__ for
> that - even if they don't do anything with it immediately.  So we might have
> something like:
>
>         void free(const volatile void *ptr) __attribute__((free(1)));

Yeah, that sounds sane.

> There are some for allocation functions, some of which we use, though I'm not
> sure we do so as consistently as we should (should inline functions like
> kcalloc() have them, for example?).

I think that gcc supports a "malloc" attribute, but it's only used for
alias analysis optimizations, afaik (ie it says that the pointer the
function returns cannot alias anything else).

So we do have that "__malloc" thing, but I'm not sure how much it
actually matters.

And adding it to inline functions shouldn't be _wrong_, but it
shouldn't matter either, since I think the alias analysis would work
regardless.

I wonder how much of a code generation difference it makes. I suspect
not a lot, but maybe I'd be surprsied.

But yes, having the free attribute would be consistent (even if the
syntax for it might be as you suggest, kind of like the __printf()
attribute works). Even if it wasn't initially used for anything it
wouldn't hurt, and maybe some day it would improve warnings (and allow
the compiler to do the dead store elimination that started this whole
long set of threads in the first place..)

            Linus