Re: [PATCH crypto-next] crypto: algif - add and use sock_kzfree_s() instead of memzero_explicit()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 19, 2014 at 05:13:11PM +0100, Daniel Borkmann wrote:
> Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
> 2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
> added memzero_explicit() calls on buffers that are later on
> passed back to sock_kfree_s().
> 
> This is a discussed follow-up that, instead, extends the sock
> API and adds sock_kzfree_s(), which internally uses kzfree()
> instead of kfree() for passing the buffers back to slab.
> 
> Having sock_kzfree_s() allows to keep the changes more minimal
> by just having a drop-in replacement instead of adding
> memzero_explicit() calls everywhere before sock_kfree_s().
> 
> In kzfree(), the compiler is not allowed to optimize the memset()
> away and thus there's no need for memzero_explicit(). Both,
> sock_kfree_s() and sock_kzfree_s() are wrappers for
> __sock_kfree_s() and call into kfree() resp. kzfree(); here,
> __sock_kfree_s() needs to be explicitly inlined as we want the
> compiler to optimize the call and condition away and thus it
> produces e.g. on x86_64 the _same_ assembler output for
> sock_kfree_s() before and after, and thus also allows for
> avoiding code duplication.
> 
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Signed-off-by: Daniel Borkmann <dborkman@xxxxxxxxxx>

Patch applied.  Thanks!
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux