From: Linus Torvalds <torvalds@linux-foundation.org>
To: Joe Perches <joe@perches.com>
Cc: David Howells <dhowells@redhat.com>,
Waiman Long <longman@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Linux-MM <linux-mm@kvack.org>,
keyrings@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mm: Add kvfree_sensitive() for freeing sensitive data objects
Date: Mon, 6 Apr 2020 10:11:38 -0700 [thread overview]
Message-ID: <CAHk-=wgyt8j5rEnyKE8YdrRjQof1kvyom1CensTE0-Bp-meGnA@mail.gmail.com> (raw)
In-Reply-To: <adc76d7c441e8f10697b61ceaff66207fb219886.camel@perches.com>
On Mon, Apr 6, 2020 at 9:44 AM Joe Perches <joe@perches.com> wrote:
>
> Dubious assertion. Both end up with zeroed memory.
You don't understand the function.
You ignored the part where the zeroed memory isn't even the _point_.
Yes, for kzalloc() it is. There the zero is inherent and important.
People very much depend on it, and it's the whole point of that
function. The 'z' is not silent.
But for kzfree() it really really isn't. There the zeroing is never
going to be seen by anybody wjho does the right thing, and is not
important at all - it's purely a "let's make sure old contents don't
leak".
The "zero" part is completely immaterial, it could just as well have
been a "memset(0xaa)" instead.
And you didn't seem to understand that kzfree() shouldn't use memset()
in the first place, so it's not even using the same operation.
You really don't seem to get the whole "kzfree() has absolutely
_nothing_ to do with kzalloc() apart from a dubious implementation
details".
Should you name all global variables with a 'z' in their name
somewhere? They start out zeroed too - so pretty much according to
your logic, they are exactly the same as 'kzalloc()'.
Linus
next prev parent reply other threads:[~2020-04-06 17:12 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-06 2:37 Waiman Long
2020-04-06 4:20 ` David Rientjes
2020-04-06 14:36 ` Waiman Long
2020-04-06 14:39 ` Matthew Wilcox
2020-04-06 7:44 ` David Howells
2020-04-06 23:20 ` David Rientjes
2020-04-06 14:32 ` David Howells
2020-04-06 14:40 ` Waiman Long
2020-04-06 15:45 ` Joe Perches
2020-04-06 16:00 ` David Howells
2020-04-06 16:10 ` Joe Perches
2020-04-06 16:41 ` Linus Torvalds
2020-04-06 16:42 ` Joe Perches
2020-04-06 17:11 ` Linus Torvalds [this message]
2020-04-06 17:20 ` Joe Perches
2020-04-06 17:26 ` Matthew Wilcox
2020-04-06 17:33 ` Linus Torvalds
2020-04-06 17:46 ` Joe Perches
2020-04-06 17:58 ` Waiman Long
2020-04-06 18:06 ` Linus Torvalds
2020-04-06 18:46 ` Joe Perches
2020-04-06 16:26 ` David Howells
2020-04-06 16:38 ` Joe Perches
2020-04-06 17:10 ` Joe Perches
2020-04-06 17:24 ` Matthew Wilcox
2020-04-06 17:26 ` Linus Torvalds
2020-04-06 17:51 ` David Howells
2020-04-06 17:58 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgyt8j5rEnyKE8YdrRjQof1kvyom1CensTE0-Bp-meGnA@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jmorris@namei.org \
--cc=joe@perches.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=longman@redhat.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox