On Mon, 2020-04-06 at 14:58 -0400, Waiman Long wrote: > For kvmalloc'ed data object that contains sensitive information like > cryptographic key, we need to make sure that the buffer is always > cleared before freeing it. Using memset() alone for buffer clearing may > not provide certainty as the compiler may compile it away. To be sure, > the special memzero_explicit() has to be used. [] > extern void kvfree(const void *addr); > +extern void kvfree_sensitive(const void *addr, size_t len); Question: why should this be const? 2.1.44 changed kfree(void *) to kfree(const void *) but I didn't find a particular reason why.
