From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57E47C2D0EC for ; Tue, 7 Apr 2020 21:01:24 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id C87402075E for ; Tue, 7 Apr 2020 21:01:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Rea+dN4P" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C87402075E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 3601F8E001C; Tue, 7 Apr 2020 17:01:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2E9148E0001; Tue, 7 Apr 2020 17:01:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 18A428E001C; Tue, 7 Apr 2020 17:01:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0112.hostedemail.com [216.40.44.112]) by kanga.kvack.org (Postfix) with ESMTP id F0B448E0001 for ; Tue, 7 Apr 2020 17:01:22 -0400 (EDT) Received: from smtpin06.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id AFD921CDA for ; Tue, 7 Apr 2020 21:01:22 +0000 (UTC) X-FDA: 76682279604.06.work91_29159e11f3518 X-HE-Tag: work91_29159e11f3518 X-Filterd-Recvd-Size: 4522 Received: from mail-lf1-f66.google.com (mail-lf1-f66.google.com [209.85.167.66]) by imf20.hostedemail.com (Postfix) with ESMTP for ; Tue, 7 Apr 2020 21:01:22 +0000 (UTC) Received: by mail-lf1-f66.google.com with SMTP id l11so3492683lfc.5 for ; Tue, 07 Apr 2020 14:01:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=epjd3hRndDDxUzNxhGw+kNUEWswsyoCP1k+ltMRz2F0=; b=Rea+dN4Po4ublGuumqEu1Z9YdmnTeD34HLjcUPAn4kHYHWLUNPIQ/VZCsT6xyf8JiS bmcrncrGMpFp3ozkp1oN3IxqZ435NGWt/x7uln8afuzN0jgjeD5EbAAwriXLYujNsWDj hGtKlgxlKKZWInJKxtH5YVmPqsKEobcBPvotE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=epjd3hRndDDxUzNxhGw+kNUEWswsyoCP1k+ltMRz2F0=; b=VWkbHCeSTnKg81iNEk5iTY2A/zmoHX4CEBcysBKM9FatnUnGvQ5JSoC/P4BClRxdHd 7DFq6LCwa1OElb9IaNf/J9J34jAZN1Jb1uOZ1PpeOLh367ZZzm96R4q8VKzwVaujd6Le nKevjlEW0wsPkSnNhP46PT2RsMGtOyi1dSNjz5JLuIRXlIk5Xyr1Um80Yh25/mzf7R18 L+ZEsAQr4pSenYaoHxNgw41KGdb8Z7PG4UaCfM1l8Fcysr1uSck5Y1pPQdn9TNV1+KP2 X39Y+teb3ZX3Vhd+TIwqFE+qWh5LKtQ7XuohKAHri9a2RA5VJbt1WLGAhuLbb9jnn1ep ULxg== X-Gm-Message-State: AGi0PuZSHxXfdxmxlVbKr14A+Qxq0HIpLVAV6t4LEGsEGooPkA23uN2F VB7ISGhEdgN+AS8HIZ5594BKkLZdF8Q= X-Google-Smtp-Source: APiQypJ3nPg71sRCoQRiyEoHiFDVnyAVUBLWkG9Im9O7wDm6CD9LLNqBLco9E2HEP2OChh/1rx27tg== X-Received: by 2002:a19:5217:: with SMTP id m23mr2642537lfb.202.1586293279369; Tue, 07 Apr 2020 14:01:19 -0700 (PDT) Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com. [209.85.208.177]) by smtp.gmail.com with ESMTPSA id o18sm3480090lfb.13.2020.04.07.14.01.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 07 Apr 2020 14:01:17 -0700 (PDT) Received: by mail-lj1-f177.google.com with SMTP id k21so5363162ljh.2 for ; Tue, 07 Apr 2020 14:01:17 -0700 (PDT) X-Received: by 2002:a05:651c:50e:: with SMTP id o14mr2769380ljp.241.1586293277007; Tue, 07 Apr 2020 14:01:17 -0700 (PDT) MIME-Version: 1.0 References: <20200407200318.11711-1-longman@redhat.com> <0fe5dcaf078be61ef21c7f18b750c5dc14c69dd7.camel@perches.com> <67c51b03-192c-3006-5071-452f351aee67@redhat.com> In-Reply-To: <67c51b03-192c-3006-5071-452f351aee67@redhat.com> From: Linus Torvalds Date: Tue, 7 Apr 2020 14:01:01 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects To: Waiman Long Cc: Joe Perches , Andrew Morton , David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Linux-MM , keyrings@vger.kernel.org, Linux Kernel Mailing List , Matthew Wilcox , David Rientjes Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Apr 7, 2020 at 1:45 PM Waiman Long wrote: > > If the memory is really virtually mapped, the only way to find out the > size of the object is to use find_vm_area() which can be relatively high > cost and no simple helper function is available. We _could_ just push it down to a "vfree_sensitive()", and do it inside the vfree logic. That ends up obviously figuring out the size of the area eventually. But since the vmalloc data structures fundamentally aren't irq-safe, vfree() actually has magical things like "if called in an interrupt, we'll delay it to work context". So that "eventually" can be quite a bit later, and it would delay the overwriting of the sensitive data if we did that. So this patch does end up simpler, but for vfree data it is actually technically the better approach too (since overwriting the sensitive data asap is what you want). Linus