Subject: Re: [PATCH v3] mm: Add kvfree_sensitive() for freeing sensitive data objects
From: Balbir Singh
To: Matthew Wilcox
Cc: Waiman Long, Andrew Morton, David Howells, Jarkko Sakkinen, James Morris, "Serge E. Hallyn", linux-mm@kvack.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds, Joe Perches, David Rientjes
Date: Sun, 17 May 2020 10:27:39 +1000
References: <20200407200318.11711-1-longman@redhat.com> <1158ff38-c65d-379f-8ae7-6f507d9fc8dd@gmail.com> <20200514120018.GA16070@bombadil.infradead.org>
In-Reply-To: <20200514120018.GA16070@bombadil.infradead.org>

On 14/5/20 10:00 pm, Matthew Wilcox wrote:
> On Thu, May 14, 2020 at 09:00:40PM +1000, Balbir Singh wrote:
>> I wonder if the right thing to do is also to disable pre-emption, just so that the thread does not linger on with sensitive data.
>>
>> void kvfree_sensitive(const void *addr, size_t len)
>> {
>> 	preempt_disable();
>> 	if (likely(!ZERO_OR_NULL_PTR(addr))) {
>> 		memzero_explicit((void *)addr, len);
>> 		kvfree(addr);
>> 	}
>> 	preempt_enable();
>> }
>> EXPORT_SYMBOL(kvfree_sensitive);
>
> If it's _that_ sensitive then the caller should have disabled preemption.
> Because preemption could otherwise have occurred immediately before
> kvfree_sensitive() was called.
>

Maybe, but the callers of the API have to be explicitly aware of the contract.
I don't disagree with you on what you've said, but I was referring to the
intent of freeing sensitive data vs the turn around time for doing so.

Balbir Singh.
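
The zero-then-free ordering that the quoted kvfree_sensitive() relies on, as a userspace sketch added here; it is not code from the patch or from anyone in the thread. The names `zero_explicit`, `free_sensitive`, `checking_release` and `wipe_demo` are hypothetical, the release hook exists only so the buffer can be inspected at the moment it is handed back, and the key string is constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the kernel's memzero_explicit(): a memset followed by a
 * compiler barrier that treats the buffer as observed, so the store is
 * not discarded as dead just because the memory is freed next.
 * (GCC/Clang inline-asm syntax.) */
static void zero_explicit(void *p, size_t len)
{
	memset(p, 0, len);
	__asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Hypothetical hook type: called with the buffer right before release. */
typedef void (*release_fn)(void *p, size_t len);

/* Userspace analogue of the quoted helper: skip NULL/empty, wipe, free.
 * Returns 1 if a buffer was wiped and released, 0 if there was nothing to do. */
static int free_sensitive(void *addr, size_t len, release_fn release)
{
	if (!addr || len == 0)
		return 0;
	zero_explicit(addr, len);
	release(addr, len);
	return 1;
}

static size_t nonzero_at_release;

/* Counts bytes that are still non-zero when the buffer reaches free(). */
static void checking_release(void *p, size_t len)
{
	const unsigned char *b = p;
	nonzero_at_release = 0;
	for (size_t i = 0; i < len; i++)
		nonzero_at_release += (b[i] != 0);
	free(p);
}

/* Returns how many secret bytes survived to the allocator, or -1 on OOM. */
static long wipe_demo(void)
{
	static const char secret[] = "constructed-sample-key-material";
	char *key = malloc(sizeof(secret));
	if (!key)
		return -1;
	memcpy(key, secret, sizeof(secret));
	nonzero_at_release = sizeof(secret);	/* pessimistic until checked */
	free_sensitive(key, sizeof(secret), checking_release);
	return (long)nonzero_at_release;
}

int main(void) { return wipe_demo() == 0 ? 0 : 1; }
```

The helper bounds how long the data outlives the call, not how long it was resident before the call, which stays with the caller.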