Waiman Long <longman@xxxxxxxxxx> wrote: > That is not as simple as I thought. First of that, there is not an > equivalent kzvfree() helper to clear the buffer first before clearing. > Of course, I can do that manually. Yeah, the actual substance of vfree() may get deferred. It may be worth adding a kvzfree() that switches between kzfree() and memset(),vfree(). > With patch 2, the allocated buffer length will be max(1024, keylen). The > security code uses kmalloc() for allocation. If we use kvalloc() here, > perhaps we should also use that for allocation that can be potentially > large like that in big_key. What do you think? Not for big_key: if it's larger than BIG_KEY_FILE_THRESHOLD (~1KiB) it gets written encrypted into shmem so that it can be swapped out to disk when not in use. However, other cases, sure - just be aware that on a 32-bit system, vmalloc/vmap space is a strictly limited resource. David
