Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects

From: Waiman Long
Date: Sun May 03 2020 - 22:58:00 EST


On 5/1/20 7:22 PM, Eric Biggers wrote:
On Tue, Apr 07, 2020 at 04:03:18PM -0400, Waiman Long wrote:
For kvmalloc'ed data object that contains sensitive information like
cryptographic key, we need to make sure that the buffer is always
cleared before freeing it. Using memset() alone for buffer clearing may
not provide certainty as the compiler may compile it away. To be sure,
the special memzero_explicit() has to be used.

This patch introduces a new kvfree_sensitive() for freeing those
sensitive data objects allocated by kvmalloc(). The relevnat places
where kvfree_sensitive() can be used are modified to use it.

Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
Looks good, feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

(I don't really buy the argument that the compiler could compile away memset()
before kvfree(). But I agree with using memzero_explicit() anyway to make the
intent explicit.)

I don't see this patch in linux-next yet. Who is planning to take this patch?
Presumably David through the keyrings tree, or Andrew through mm?

- Eric

Andrew, would you mind taking this patch into the mm-tree?

Thanks,
Longman