Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects
From: Joe Perches
Date: Tue Apr 07 2020 - 02:43:26 EST
On Mon, 2020-04-06 at 22:16 -0400, Waiman Long wrote:
> On 4/6/20 3:38 PM, Joe Perches wrote:
> > On Mon, 2020-04-06 at 14:58 -0400, Waiman Long wrote:
> > > For kvmalloc'ed data object that contains sensitive information like
> > > cryptographic key, we need to make sure that the buffer is always
> > > cleared before freeing it. Using memset() alone for buffer clearing may
> > > not provide certainty as the compiler may compile it away. To be sure,
> > > the special memzero_explicit() has to be used.
> > []
> > > extern void kvfree(const void *addr);
> > > +extern void kvfree_sensitive(const void *addr, size_t len);
> > Question: why should this be const?
> >
> > 2.1.44 changed kfree(void *) to kfree(const void *) but
> > I didn't find a particular reason why.
>
> I am just following the function prototype used by kvfree(). Even
> kzfree(const void *) use const. I can remove "const" if others agree.
No worries. Nevermind me...
Lots of warnings if allocated pointers are const, so const is necessary
in the definition and declaration.
struct foo {
...
};
struct bar {
const struct foo *baz;
...
};
some_func(void)
{
bar.baz = kvalloc(...);
}
kvfree can't free bar.baz if it's defined with void * without warning,
so it must be const void *.
Apologies for the noise.