Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: David Howells
Date: Tue Apr 07 2020 - 17:14:24 EST

Next message: Cristian Souza: "[PATCH] docs: admin-guide: Clarify sentences"
Previous message: Paul Spooren: "[PATCH 0/5] arm: dts: linksys: rename codename to model"
In reply to: Linus Torvalds: "Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Next in thread: Linus Torvalds: "Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> So the _real_ prototype for 'free()'-like operations should be something like
>
> void free(const volatile killed void *ptr);
>
> where that "killed" also tells the compiler that the pointer lifetime
> is dead, so that using it afterwards is invalid. So that the compiler
> could warn us about some of the most trivial use-after-free cases.

It might be worth asking the compiler folks to give us an __attribute__ for
that - even if they don't do anything with it immediately. So we might have
something like:

void free(const volatile void *ptr) __attribute__((free(1)));

There are some for allocation functions, some of which we use, though I'm not
sure we do so as consistently as we should (should inline functions like
kcalloc() have them, for example?).

David

Next message: Cristian Souza: "[PATCH] docs: admin-guide: Clarify sentences"
Previous message: Paul Spooren: "[PATCH 0/5] arm: dts: linksys: rename codename to model"
In reply to: Linus Torvalds: "Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Next in thread: Linus Torvalds: "Re: [PATCH v2] mm: Add kvfree_sensitive() for freeing sensitive data objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]