Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: Eric Biggers
Date: Fri May 01 2020 - 19:22:28 EST


On Tue, Apr 07, 2020 at 04:03:18PM -0400, Waiman Long wrote:
> For kvmalloc'ed data object that contains sensitive information like
> cryptographic key, we need to make sure that the buffer is always
> cleared before freeing it. Using memset() alone for buffer clearing may
> not provide certainty as the compiler may compile it away. To be sure,
> the special memzero_explicit() has to be used.
>
> This patch introduces a new kvfree_sensitive() for freeing those
> sensitive data objects allocated by kvmalloc(). The relevnat places
> where kvfree_sensitive() can be used are modified to use it.
>
> Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
> Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Waiman Long <longman@xxxxxxxxxx>

Looks good, feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

(I don't really buy the argument that the compiler could compile away memset()
before kvfree(). But I agree with using memzero_explicit() anyway to make the
intent explicit.)

I don't see this patch in linux-next yet. Who is planning to take this patch?
Presumably David through the keyrings tree, or Andrew through mm?

- Eric