On Wed, Nov 19, 2014 at 05:13:11PM +0100, Daniel Borkmann wrote: > Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and > 2a6af25befd0 ("crypto: algif - zeroize message digest buffer") > added memzero_explicit() calls on buffers that are later on > passed back to sock_kfree_s(). > > This is a discussed follow-up that, instead, extends the sock > API and adds sock_kzfree_s(), which internally uses kzfree() > instead of kfree() for passing the buffers back to slab. > > Having sock_kzfree_s() allows to keep the changes more minimal > by just having a drop-in replacement instead of adding > memzero_explicit() calls everywhere before sock_kfree_s(). > > In kzfree(), the compiler is not allowed to optimize the memset() > away and thus there's no need for memzero_explicit(). Both, > sock_kfree_s() and sock_kzfree_s() are wrappers for > __sock_kfree_s() and call into kfree() resp. kzfree(); here, > __sock_kfree_s() needs to be explicitly inlined as we want the > compiler to optimize the call and condition away and thus it > produces e.g. on x86_64 the _same_ assembler output for > sock_kfree_s() before and after, and thus also allows for > avoiding code duplication. > > Cc: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Daniel Borkmann <dborkman@xxxxxxxxxx> Patch applied. Thanks! -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html