From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F205C433E2 for ; Tue, 16 Jun 2020 06:42:16 +0000 (UTC) Received: from krantz.zx2c4.com (krantz.zx2c4.com [192.95.5.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 16968207E8 for ; Tue, 16 Jun 2020 06:42:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 16968207E8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=wireguard-bounces@lists.zx2c4.com Received: by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 2f54f88b; Tue, 16 Jun 2020 06:24:19 +0000 (UTC) Received: from mail-ej1-f65.google.com (mail-ej1-f65.google.com [209.85.218.65]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTPS id 92ca9e22 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Tue, 16 Jun 2020 06:24:16 +0000 (UTC) Received: by mail-ej1-f65.google.com with SMTP id k11so20237915ejr.9 for ; Mon, 15 Jun 2020 23:42:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=8yT+7Ta/B3BUGUR35Fz/0p22bghMwTUAxgTnwepounI=; b=Bxea/hAKmEjFvW6TRK42YHdRssGXaQotGxhskV+zs5zQSNz2M1eanJRvP/4bXms0Fx oKlVxjsTClj6C2xRKGT0kDxQL4MKofW5DI3W0kkAC9RK/wBMrOF+VrB0FmT+XTgM+A91 VA9Gr1HQNs3/CXIGfTSa3CBnYFYb9Ja6+7FvjFfYNjftgWiiV+eBD8OEkLNEOYJq0gK8 YmfNsmbK0oYQVsS9rpEasHSC2PtQlZHUhV/OjRrhBQfP6syMqNriXaPqjovGcRBhW4Ps ju3wfwMVqxjl6MPyIUDLgcG5QXQwxJrQc1EFIQQRDedZypyMSy7yP52f4VQGdMIhMdIZ 0H1Q== X-Gm-Message-State: AOAM531idcNDLJGNvOxHObeqRSP152yhBH6lp5kl1xkHGLwR3vR+Vh5/ 3Cr7YjpyfmzOM4pcMPTAcJc= X-Google-Smtp-Source: ABdhPJwG7kr4DUIGgc4iCDEeodlEq5kx0AY8+Z/EURP92P+0Zf4E0UWpXqDGfffbUz9uBG+pBru51g== X-Received: by 2002:a17:906:ce2f:: with SMTP id sd15mr1306745ejb.445.1592289731375; Mon, 15 Jun 2020 23:42:11 -0700 (PDT) Received: from localhost (ip-37-188-174-201.eurotel.cz. [37.188.174.201]) by smtp.gmail.com with ESMTPSA id j10sm9734428edf.97.2020.06.15.23.42.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2020 23:42:10 -0700 (PDT) Date: Tue, 16 Jun 2020 08:42:08 +0200 From: Michal Hocko To: Waiman Long Cc: Andrew Morton , David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Linus Torvalds , Joe Perches , Matthew Wilcox , David Rientjes , Johannes Weiner , Dan Carpenter , David Sterba , "Jason A . Donenfeld" , linux-mm@kvack.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-pm@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-amlogic@lists.infradead.org, linux-mediatek@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-ppp@vger.kernel.org, wireguard@lists.zx2c4.com, linux-wireless@vger.kernel.org, devel@driverdev.osuosl.org, linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-fscrypt@vger.kernel.org, ecryptfs@vger.kernel.org, kasan-dev@googlegroups.com, linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org, linux-sctp@vger.kernel.org, linux-nfs@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH v4 1/3] mm/slab: Use memzero_explicit() in kzfree() Message-ID: <20200616064208.GA9499@dhcp22.suse.cz> References: <20200616015718.7812-1-longman@redhat.com> <20200616015718.7812-2-longman@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616015718.7812-2-longman@redhat.com> X-BeenThere: wireguard@lists.zx2c4.com X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: wireguard-bounces@lists.zx2c4.com Sender: "WireGuard" On Mon 15-06-20 21:57:16, Waiman Long wrote: > The kzfree() function is normally used to clear some sensitive > information, like encryption keys, in the buffer before freeing it back > to the pool. Memset() is currently used for the buffer clearing. However, > it is entirely possible that the compiler may choose to optimize away the > memory clearing especially if LTO is being used. To make sure that this > optimization will not happen, memzero_explicit(), which is introduced > in v3.18, is now used in kzfree() to do the clearing. > > Fixes: 3ef0e5ba4673 ("slab: introduce kzfree()") > Cc: stable@vger.kernel.org > Signed-off-by: Waiman Long Acked-by: Michal Hocko Although I am not really sure this is a stable material. Is there any known instance where the memset was optimized out from kzfree? > --- > mm/slab_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 9e72ba224175..37d48a56431d 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -1726,7 +1726,7 @@ void kzfree(const void *p) > if (unlikely(ZERO_OR_NULL_PTR(mem))) > return; > ks = ksize(mem); > - memset(mem, 0, ks); > + memzero_explicit(mem, ks); > kfree(mem); > } > EXPORT_SYMBOL(kzfree); > -- > 2.18.1 > -- Michal Hocko SUSE Labs