Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: Linus Torvalds
Date: Tue Apr 07 2020 - 16:09:33 EST


On Tue, Apr 7, 2020 at 1:03 PM Waiman Long <longman@xxxxxxxxxx> wrote:
>
> For kvmalloc'ed data object that contains sensitive information like
> cryptographic key, we need to make sure that the buffer is always
> cleared before freeing it. Using memset() alone for buffer clearing may
> not provide certainty as the compiler may compile it away. To be sure,
> the special memzero_explicit() has to be used.

Ack. Since this isn't exactly high-priority, I'm assuming it will go
through the usual channels (ie Andrew).

Linus