Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: Linus Torvalds
Date: Tue Apr 07 2020 - 17:31:19 EST

Next message: Nayna: "Re: [RFC PATCH v2 00/12] Integrity Policy Enforcement LSM (IPE)"
Previous message: Hans de Goede: "[PATCH] platform/x86: intel_int0002_vgpio: Only bind to the INT0002 dev when using s2idle"
In reply to: Uladzislau Rezki: "Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Next in thread: Matthew Wilcox: "Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 7, 2020 at 2:25 PM Uladzislau Rezki <urezki@xxxxxxxxx> wrote:
>
> Seems like there is only one place where we can "sleep". I mean when we
> call vfree(). That is free_vmap_area_noflush() -> try_purge_vmap_area_lazy().
> Basically try_purge_vmap_area_lazy() can call the schedule() what is not
> allowed for IRQs. Instead of inlining the try_purge_vmap_area_lazy()
> into current context we can schedule_work(). And i think it makes sense
> from many point of views.

I don't think that's the only case.

Or rather, that may be the only case of _sleeping_, but we also aren't
irq-safe wrt locking.

And I'm not just talking about the vmap_purge_lock mutex, but all the
spinlocks etc we have.

That said, I haven't looked at that code in _ages_. Maybe those things
would be trivial to just turn into irq-safe ones and there are no real
latency issues anywhere.

Linus

Next message: Nayna: "Re: [RFC PATCH v2 00/12] Integrity Policy Enforcement LSM (IPE)"
Previous message: Hans de Goede: "[PATCH] platform/x86: intel_int0002_vgpio: Only bind to the INT0002 dev when using s2idle"
In reply to: Uladzislau Rezki: "Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Next in thread: Matthew Wilcox: "Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]