On 4/6/20 3:38 PM, Joe Perches wrote: > On Mon, 2020-04-06 at 14:58 -0400, Waiman Long wrote: >> For kvmalloc'ed data object that contains sensitive information like >> cryptographic key, we need to make sure that the buffer is always >> cleared before freeing it. Using memset() alone for buffer clearing may >> not provide certainty as the compiler may compile it away. To be sure, >> the special memzero_explicit() has to be used. > [] >> extern void kvfree(const void *addr); >> +extern void kvfree_sensitive(const void *addr, size_t len); > Question: why should this be const? > > 2.1.44 changed kfree(void *) to kfree(const void *) but > I didn't find a particular reason why. I am just following the function prototype used by kvfree(). Even kzfree(const void *) use const. I can remove "const" if others agree. Cheers, Longman
