On 5/8/2023 12:18 PM, Elliott, Robert (Servers) wrote:
diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c
...
+void __init destroy_keylocker_data(void)
+{
+ memset(&kl_setup.key, KEY_DESTROY, sizeof(kl_setup.key));
+}
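Review bot: KEY_DESTROY is the wrong fill value in `memset(&kl_setup.key, KEY_DESTROY, sizeof(kl_setup.key));`: it is the keyring subsystem's sentinel for dead keys, not a byte pattern for wiping memory, and a plain memset() of sensitive data can also be dropped by the compiler as a dead store. Use `memzero_explicit(&kl_setup.key, sizeof(kl_setup.key));`, which the kernel provides for exactly this case.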
That's a special value for garbage collected keyring keys assigned
a keytype of ".dead". memzero() or memzero_explicit() might be better
for this use case.
memzero() looks to be the same as memset() in x86:
$ git grep memzero arch/x86/ | grep define
arch/x86/boot/compressed/misc.c:#define memzero(s, n) memset((s), 0, (n))
Instead, memzero_explicit() looks to be about the right call here:
/**
* memzero_explicit - Fill a region of memory (e.g. sensitive
* keying data) with 0s.
...
* Note: usually using memset() is just fine (!), but in cases
* where clearing out _local_ data at the end of a scope is
* necessary, memzero_explicit() should be used instead in
* order to prevent the compiler from optimising away zeroing.
...
Then,
void __init destroy_keylocker_data(void)
{
        memzero_explicit(&kl_setup.key, sizeof(kl_setup.key));
}
Thanks,
Chang
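As an added illustration that is not part of the thread or of the kernel patch: a userspace analog of the memzero_explicit() pattern (memset() followed by the same kind of compiler barrier the kernel uses), applied to a constructed stand-in for kl_setup; the struct layout, field names and the destroy_key()/checksum helper are assumptions for the example, not the real Key Locker code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace analog of the kernel's memzero_explicit(): memset() followed
 * by a compiler barrier that names the buffer as an input operand, so the
 * zeroing store cannot be eliminated as dead. (Not the kernel's code.) */
static void memzero_explicit_like(void *s, size_t n)
{
    memset(s, 0, n);
    __asm__ __volatile__("" : : "r"(s) : "memory");
}

/* Constructed stand-in for the kl_setup state; the real layout is not
 * shown in the thread. */
struct kl_setup_like {
    uint8_t key[32];   /* wrapping-key material to be wiped */
    int valid;
};

/* Analog of destroy_keylocker_data(): wipe with zeros, not a sentinel. */
void destroy_key(struct kl_setup_like *kl)
{
    memzero_explicit_like(kl->key, sizeof(kl->key));
    kl->valid = 0;
}

/* The "local data at end of scope" case from the kernel-doc comment:
 * a stack copy of the key is used, then wiped before the function returns.
 * With plain memset() the compiler may drop that store since tmp is dead. */
uint32_t checksum_key_then_wipe(const struct kl_setup_like *kl)
{
    uint8_t tmp[sizeof(kl->key)];
    uint32_t sum = 0;
    memcpy(tmp, kl->key, sizeof(tmp));
    for (size_t i = 0; i < sizeof(tmp); i++)
        sum += tmp[i];
    memzero_explicit_like(tmp, sizeof(tmp));
    return sum;
}

/* Returns 1 if every byte of key[] is zero, 0 otherwise. */
int key_is_zeroed(const struct kl_setup_like *kl)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof(kl->key); i++)
        acc |= kl->key[i];
    return acc == 0;
}

/* Constructed test fixture: fill the key with a non-zero pattern. */
void load_test_key(struct kl_setup_like *kl)
{
    memset(kl->key, 0x5A, sizeof(kl->key));
    kl->valid = 1;
}
```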