Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: Jarkko Sakkinen
Date: Wed Apr 08 2020 - 09:38:43 EST

Next message: Maxime Ripard: "Re: [PATCH v6 1/3] media: dt-bindings: ov8856: Document YAML bindings"
Previous message: Aurabindo Pillai: "[PATCH] drm/amd/amdgpu: add prefix for pr_* prints"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 07, 2020 at 04:03:18PM -0400, Waiman Long wrote:
> For kvmalloc'ed data object that contains sensitive information like
> cryptographic key, we need to make sure that the buffer is always
> cleared before freeing it. Using memset() alone for buffer clearing may
> not provide certainty as the compiler may compile it away. To be sure,
> the special memzero_explicit() has to be used.
>
> This patch introduces a new kvfree_sensitive() for freeing those
> sensitive data objects allocated by kvmalloc(). The relevnat places
> where kvfree_sensitive() can be used are modified to use it.
>
> Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
> Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Waiman Long <longman@xxxxxxxxxx>

Acked-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

David, you want to pick this one?

/Jarkko

Next message: Maxime Ripard: "Re: [PATCH v6 1/3] media: dt-bindings: ov8856: Document YAML bindings"
Previous message: Aurabindo Pillai: "[PATCH] drm/amd/amdgpu: add prefix for pr_* prints"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]