On Mon, Jan 05, 2015 at 10:36:37 +1100, Herbert Xu wrote:
> On Sun, Jan 04, 2015 at 11:49:09PM +0100, Giel van Schijndel wrote:
>>
>>> sctx does not point to stack memory so this is bogus.
>>>
>>> Only stack memory cleared just before it goes out of scope needs
>>> memzero_explicit.
>>
>> Is that because the compiler can't safely optimize memset(0) away for a
>> variable with greater-than-local scope?
>
> Exactly. memzero_explicit is not a marker for sensitive data.
> Its only purpose is to prevent the compiler from optimising away
> zeroing that occurs at the end of a scope.

Question: are you sure the compiler won't optimize the call to memset(0)
away if it's immediately followed by kfree()? Because one of my changes
concerns that situation.

Another actually does change a stack-allocated buffer, I'll split that
one off right away.

--
Met vriendelijke groet,
With kind regards,
Giel van Schijndel

--
"When all you have is a hammer, everything starts to look like a nail."
  -- Abraham Maslow
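The two wipe sites discussed in this thread, a stack buffer at the end of its scope and a heap buffer just before it is freed, as an added userspace example (not code from the patch or from the kernel). `wipe_explicit`, `nonzero_bytes`, `stack_case` and `heap_case` are assumed names, the 0xA5 "secret" is constructed, and the inline-asm barrier assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in (assumed name): memset plus a compiler barrier that
 * takes the pointer as input and clobbers memory, so GCC/Clang must assume
 * the zeroed bytes are read and cannot drop the stores as dead. */
static void wipe_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Test helper: count bytes that are still non-zero. */
static size_t nonzero_bytes(const void *p, size_t n)
{
    const unsigned char *b = p;
    size_t i, left = 0;

    for (i = 0; i < n; i++)
        left += (b[i] != 0);
    return left;
}

/* Case 1: stack buffer wiped just before it goes out of scope. */
size_t stack_case(void)
{
    unsigned char key[32];

    memset(key, 0xA5, sizeof(key));        /* constructed "secret" */
    wipe_explicit(key, sizeof(key));
    /* Read-back is for the test only. Real code has no reader after the
     * wipe, which is what makes a plain memset() a dead store here. */
    return nonzero_bytes(key, sizeof(key));
}

/* Case 2: heap buffer wiped immediately before it is freed. */
size_t heap_case(size_t n)
{
    unsigned char *key = malloc(n);
    size_t left;

    if (!key)
        return (size_t)-1;
    memset(key, 0xA5, n);                  /* constructed "secret" */
    wipe_explicit(key, n);
    left = nonzero_bytes(key, n);          /* read-back for the test only */
    free(key);
    return left;
}
```

To see what a given compiler does with a plain `memset()` at either site, swap it in for `wipe_explicit()`, drop the read-back, and inspect the generated assembly at `-O2`.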