On Wed, Nov 19, 2014 at 05:13:11PM +0100, Daniel Borkmann wrote:
> Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
> 2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
> added memzero_explicit() calls on buffers that are later on
> passed back to sock_kfree_s().
>
> This is a discussed follow-up that, instead, extends the sock
> API and adds sock_kzfree_s(), which internally uses kzfree()
> instead of kfree() for passing the buffers back to slab.
>
> Having sock_kzfree_s() allows to keep the changes more minimal
> by just having a drop-in replacement instead of adding
> memzero_explicit() calls everywhere before sock_kfree_s().
>
> In kzfree(), the compiler is not allowed to optimize the memset()
> away and thus there's no need for memzero_explicit(). Both,
> sock_kfree_s() and sock_kzfree_s() are wrappers for
> __sock_kfree_s() and call into kfree() resp. kzfree(); here,
> __sock_kfree_s() needs to be explicitly inlined as we want the
> compiler to optimize the call and condition away and thus it
> produces e.g. on x86_64 the _same_ assembler output for
> sock_kfree_s() before and after, and thus also allows for
> avoiding code duplication.
>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Signed-off-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
Patch applied. Thanks!
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
