On Tue, 2020-04-07 at 16:03 -0400, Waiman Long wrote: > For kvmalloc'ed data object that contains sensitive information like > cryptographic key, we need to make sure that the buffer is always > cleared before freeing it. Using memset() alone for buffer clearing may > not provide certainty as the compiler may compile it away. To be sure, > the special memzero_explicit() has to be used. > > This patch introduces a new kvfree_sensitive() for freeing those > sensitive data objects allocated by kvmalloc(). The relevnat places > where kvfree_sensitive() can be used are modified to use it. [] > diff --git a/include/linux/mm.h b/include/linux/mm.h [] > @@ -757,6 +757,7 @@ static inline void *kvcalloc(size_t n, size_t size, gfp_t flags) > } > > extern void kvfree(const void *addr); > +extern void kvfree_sensitive(const void *addr, size_t len); Why should size_t len be required? Why not do what kzfree does and memset the entire allocation? (area->size)
