Re: [PATCH] security: keys: Use kvfree_sensitive in a few places

From: James Bottomley
Date: Fri Sep 11 2020 - 12:57:52 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 69/71] net: usb: dm9601: Add USB ID of Keenetic Plus DSL"
Previous message: boris . ostrovsky: "Re: [PATCH 2/2] xen/gntdev.c: Convert get_user_pages*() to pin_user_pages*()"
In reply to: Jarkko Sakkinen: "Re: [PATCH] security: keys: Use kvfree_sensitive in a few places"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2020-09-11 at 12:44 +0100, Alex Dewar wrote:
> In big_key.c, there are a few places where memzero_explicit + kvfree
> is used. It is better to use kvfree_sensitive instead, which is more
> readable and also prevents the compiler from eliding the call to
> memzero_explicit. Fix this.

That last bit is untrue: the compiler can't elide memzero_explicit ...
that's why it has the explicit suffix.

The original problem was a lot of people do memset(.., 0, ..); kfree()
which the compiler can elide if it understands the memory is going out
of scope. Or the even more problematic memset(..., 0, ...) on a stack
variable before it goes out of scope.

We can argue about readability but there's no secret leak here.

James

Next message: Greg Kroah-Hartman: "[PATCH 4.9 69/71] net: usb: dm9601: Add USB ID of Keenetic Plus DSL"
Previous message: boris . ostrovsky: "Re: [PATCH 2/2] xen/gntdev.c: Convert get_user_pages*() to pin_user_pages*()"
In reply to: Jarkko Sakkinen: "Re: [PATCH] security: keys: Use kvfree_sensitive in a few places"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]