git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Waiman Long <longman@redhat.com>
	Thu, 4 Jun 2020 23:48:21 +0000 (16:48 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Fri, 5 Jun 2020 02:06:22 +0000 (19:06 -0700)
commit	d4eaa2837851db2bfed572898bfc17f9a9f9151e
tree	2256caa7e02fc3f9f17507623a87f87ecc347b84	tree \| snapshot
parent	090e77e166334b83f555de408df64b9ab394ea08	commit \| diff

mm: add kvfree_sensitive() for freeing sensitive data objects

For kvmalloc'ed data object that contains sensitive information like
cryptographic keys, we need to make sure that the buffer is always cleared
before freeing it.  Using memset() alone for buffer clearing may not
provide certainty as the compiler may compile it away.  To be sure, the
special memzero_explicit() has to be used.

This patch introduces a new kvfree_sensitive() for freeing those sensitive
data objects allocated by kvmalloc().  The relevant places where
kvfree_sensitive() can be used are modified to use it.

Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Uladzislau Rezki <urezki@gmail.com>
Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

include/linux/mm.h		diff \| blob \| history
mm/util.c		diff \| blob \| history
security/keys/internal.h		diff \| blob \| history
security/keys/keyctl.c		diff \| blob \| history