From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CB2FC2BA19 for ; Wed, 15 Apr 2020 19:24:02 +0000 (UTC) Received: from isis.lip6.fr (isis.lip6.fr [132.227.60.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B36A5206D5 for ; Wed, 15 Apr 2020 19:24:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B36A5206D5 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=cmpxchg.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=cocci-bounces@systeme.lip6.fr Received: from systeme.lip6.fr (systeme.lip6.fr [132.227.104.7]) by isis.lip6.fr (8.15.2/8.15.2) with ESMTP id 03FJNn3U006012; Wed, 15 Apr 2020 21:23:49 +0200 (CEST) Received: from systeme.lip6.fr (systeme.lip6.fr [127.0.0.1]) by systeme.lip6.fr (Postfix) with ESMTP id 0C8047839; Wed, 15 Apr 2020 21:23:49 +0200 (CEST) Received: from isis.lip6.fr (isis.lip6.fr [132.227.60.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by systeme.lip6.fr (Postfix) with ESMTPS id B21033DC8 for ; Wed, 15 Apr 2020 07:01:10 +0200 (CEST) Received: from mail-qv1-xf42.google.com (mail-qv1-xf42.google.com [IPv6:2607:f8b0:4864:20:0:0:0:f42]) by isis.lip6.fr (8.15.2/8.15.2) with ESMTPS id 03F518xP021696 (version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128 verify=OK) for ; Wed, 15 Apr 2020 07:01:09 +0200 (CEST) Received: by mail-qv1-xf42.google.com with SMTP id 37so1088732qvc.8 for ; Tue, 14 Apr 2020 22:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=JO+ktV0LSuwQP9d6cUy48+Yn6xtuA0Ni94De2KaVLF9tH1psATDt0yTimVo6mFiQvY e5U7I3LHqv681CEnewHWSQ6f2/7HBuWNOLiIpEifB0qkShd4ieZ85aOhR02DMNjDES2w Y/w07pbV4jkCPryfl+rXiHS/um+1zMeHEFAv3KHGuZZj9xWJCQH8Cofcpmkjdu+iE3H2 uPRb5QFbQhT4zx4+0RD/quhO0rF1+SPrP3r3u3PrW50M2kKPhx7XzUwz+2oRQDAyOMVL gAp5BqAO7cO8pAFoDUgseIcJGRzKVdObx6bAgiE0cVncEu5cLkE+buEFmJqqQhzfzcBR BdSA== X-Gm-Message-State: AGi0PuZwMLU9KGdirsnhr7vsxgy4wCeqpfgFKi4ZSgCmeeOfElgjdw3D AvakRpPwV24uTCjPSehGG3KOWw== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> X-Greylist: Sender IP whitelisted, Sender e-mail whitelisted, not delayed by milter-greylist-4.4.3 (isis.lip6.fr [132.227.60.2]); Wed, 15 Apr 2020 21:23:49 +0200 (CEST) X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.4.3 (isis.lip6.fr [IPv6:2001:660:3302:283c:0:0:0:2]); Wed, 15 Apr 2020 07:01:09 +0200 (CEST) X-Scanned-By: MIMEDefang 2.78 on 132.227.60.2 X-Scanned-By: MIMEDefang 2.78 X-Mailman-Approved-At: Wed, 15 Apr 2020 21:23:46 +0200 Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org Subject: Re: [Cocci] [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() X-BeenThere: cocci@systeme.lip6.fr X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: cocci-bounces@systeme.lip6.fr Errors-To: cocci-bounces@systeme.lip6.fr On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner _______________________________________________ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johannes Weiner Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Date: Wed, 15 Apr 2020 01:01:06 -0400 Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> Mime-Version: 1.0 Return-path: Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-ID: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Waiman Long Cc: Andrew Morton , David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Linus Torvalds , Joe Perches , Matthew Wilcox , David Rientjes , linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-s390-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-stm32-XDFAJ8BFU24N7RejjzZ/Li2xQDfSxrLKVpNB7YpNyf8@public.gmane.org, linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org, linux-amlogic-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org, linux-mediatek-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org, linuxppc-dev-uLR06cmDAlY/bJ5BZ2RsiQ@public.gmane.org, virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, netdev@vg On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johannes Weiner Date: Wed, 15 Apr 2020 01:01:06 -0400 Subject: [Intel-wired-lan] [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() In-Reply-To: <20200413211550.8307-2-longman@redhat.com> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> Message-ID: <20200415050106.GA154671@cmpxchg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: intel-wired-lan@osuosl.org List-ID: On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johannes Weiner Date: Wed, 15 Apr 2020 05:01:06 +0000 Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-Id: <20200415050106.GA154671@cmpxchg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit List-Id: References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> In-Reply-To: <20200413211550.8307-2-longman@redhat.com> To: Waiman Long Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B51B1C2BB85 for ; Wed, 15 Apr 2020 05:01:27 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8B1AC20656 for ; Wed, 15 Apr 2020 05:01:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="GA+3cfGH"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8B1AC20656 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=cmpxchg.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-amlogic-bounces+linux-amlogic=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=v6GEp+ErqFt7cupS9QGi10MvhopXYRXvzcfIl5vSWeE=; b=GA+3cfGHEfh37t U8kthEi1yOYFhXoBZVMhhQ5ZOX2EffFMBU1xmMgEbx9YjE4fWMYFr59x1v3K7EpZKrGkL+Axvn06a mTAIdfAdNg0HRPaWouczVU57AoMKtWiPeGWfePkLb7hEkAK8186cEYeKFtXwKLBPTM4PsDiYP8TR/ 804t+gbF8fJcBmzPymNuSGBwbzgB8VHk8zXk4kEb9HLT7BqD/FgTMCQXgDPJK1UETGbVlSw/YFAS5 X7trSq5uRp7cf6THLpaBBwcPB5Kcdx4VMS0k7/isOb53xprLgcE/wlmoYA+G0V4Ht+yHqq2D+4Oev 3hRECT34eydU8vwcGKQQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAp-0005Gg-Dh; Wed, 15 Apr 2020 05:01:19 +0000 Received: from mail-qv1-xf43.google.com ([2607:f8b0:4864:20::f43]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAg-00057g-5b for linux-amlogic@lists.infradead.org; Wed, 15 Apr 2020 05:01:13 +0000 Received: by mail-qv1-xf43.google.com with SMTP id s3so1075364qvk.12 for ; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=rZUGicF+VND8uUC0WhlGsY4SGj+KDys5R3fe+ivXEuH2PMFoVMERA2KX1fGfVYqn9d Ng42ezVl5XURbLXHYzNeBfHP0yjBShvFLAaBLePPdpQ/7WLs942lKwE/6VqIyIzgMB5V JgQmRt3aUsqGzN03STJgwUVKBdGs/nP+fm3Jyz1LTaKkt7PmdTgmNzaoW4Kpmfm3fIKh 9WqbLWM/iGco9yybh9LHUCbYepDz5ahn1rBPLJ7TAMT1P1GN/ZR3IZrK4qgB/Tz5n4L0 rzBSC7qeZ4bwrcrl5NhNh2HX6FzZup5Hw/yn3dpARBNz16Fmz2jO7RGGyQwgofaBeHcC WVlA== X-Gm-Message-State: AGi0PuZmR3H65cEFfGt4k1+zPJius40SgGUv4xOFTTMMm95uKgoaL4tv X3xBPn1yLaUviUlh2QVhPVgvcg== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200414_220110_216529_75D959D3 X-CRM114-Status: GOOD ( 12.75 ) X-BeenThere: linux-amlogic@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-amlogic" Errors-To: linux-amlogic-bounces+linux-amlogic=archiver.kernel.org@lists.infradead.org On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner _______________________________________________ linux-amlogic mailing list linux-amlogic@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-amlogic From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 620FDC2BA2B for ; Wed, 15 Apr 2020 05:01:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3D7FE206A2 for ; Wed, 15 Apr 2020 05:01:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2393186AbgDOFBn (ORCPT ); Wed, 15 Apr 2020 01:01:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2393185AbgDOFBJ (ORCPT ); Wed, 15 Apr 2020 01:01:09 -0400 Received: from mail-qv1-xf41.google.com (mail-qv1-xf41.google.com [IPv6:2607:f8b0:4864:20::f41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F7A6C061A41 for ; Tue, 14 Apr 2020 22:01:09 -0700 (PDT) Received: by mail-qv1-xf41.google.com with SMTP id du18so1108922qvb.4 for ; Tue, 14 Apr 2020 22:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=iC0226L2mTwSWmsO3kPsgRLPQel3caaaYlvI/CApZEtpAkjCHMYhn0a71YxheLBb8G eKp1oLFtxILAFGtvL6t3UwDSgOTpmClQ5uref+8COI1clhmzSQO1YoxaGRcnDQaqd5wc 4upqeXPOpSz3Vk6sdekr2YxSt+Ot7tYzEXqSQo2ER/hKSry5ReGOvpGDjHVZbSPzpC1M /mHxKarcb6nDS8zcIjoUUTHboFm8ABbTSPh02vpuXs4Zdbc0VxSd571a6erg0k9E83qK IINao9rLU+2g8XlGEJXpqwJ52cVsc+V23U7IzgQF5110Nf/SSM3qbyziZuSoiPFk89oy RmbA== X-Gm-Message-State: AGi0Pubr+3e7QxmOiGGF+XoR4s6povw+bRol+KHNCsSA3xVIVRzGvlAQ epIGEQN5FjH2e6CMBXJaHLKW3A== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Cc: Andrew Morton , David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Linus Torvalds , Joe Perches , Matthew Wilcox , David Rientjes , linux-mm@kvack.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-crypto@vger.kernel.org, linux-s390@vger.kernel.org, linux-pm@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-mediatek@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, intel-wired-lan@lists.osuosl.org, linux-ppp@vger.kernel.org, wireguard@lists.zx2c4.com, linux-wireless@vger.kernel.org, devel@driverdev.osuosl.org, linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-fscrypt@vger.kernel.org, ecryptfs@vger.kernel.org, kasan-dev@googlegroups.com, linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org, linux-sctp@vger.kernel.org, linux-nfs@vger.kernel.org, tipc-discussion@lists.sourceforge.net, cocci@systeme.lip6.fr, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86F30C2BA2B for ; Wed, 15 Apr 2020 05:01:19 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5AA2820656 for ; Wed, 15 Apr 2020 05:01:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="F9vJ38Pq"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5AA2820656 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=cmpxchg.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=tklF2z67NdBmmVF5jcUJRS3a6H88HovaZbhOg1PwvAc=; b=F9vJ38PqXA22Ph jVyj4P2i7zekLtlwoueKByW2tiUM1aM9Ffu4tdnQG+B2HtGOCz5CfcVr9Kh7AfDguwcnkfUbKjkfp o0i54vZAoNdVoosAn8WY4t1QcAL2b0MUO1YzWlbSbIZL0dLUtzBYkuerKdkvenQfGeT6XufgZLBWm fz6sDAx1+SxXuUb/+l0o7v+BOCM++9g4s7FJx9zaABt1JCsJhA2b2lPXcJKXmpTckNlGFw7gJ1boR 3TWDsex1FmHLSsyZTC2sry7Tj8u9Lgpyu7HA5thk5FYNQcrzKAGxURi9/F1kdPGaQGnQEcqIMgHsr iNBfsBv+V9NzwbZn1dIA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAi-00058q-NH; Wed, 15 Apr 2020 05:01:12 +0000 Received: from mail-qv1-xf43.google.com ([2607:f8b0:4864:20::f43]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAg-00057e-5Z for linux-mediatek@lists.infradead.org; Wed, 15 Apr 2020 05:01:12 +0000 Received: by mail-qv1-xf43.google.com with SMTP id di6so1080622qvb.10 for ; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=IEuXVIlBDuKiTelcl5XdjOVCkmnAQe0eub7u5XD0JIb8ESZgv2tbzmKQdGLwUNc0AX /2z7nFjFIdUCEe3ty0l1YpV9HeD4pGORW6Yo91eIeLY2HRPyhwdAjNOZUXaTrNY1s2p0 DwArFs80QrCB69mRF5p/5Q2Pvikx0y5+PdWzqTxQiQROfCEilafUUCpfVb4q3ORGp4N3 aBniuvG6RQaOqU6aBocTyGEvHk1Vxt3scXWdpNrrKjXFvP8MCZYcUq7rHARUM7FSJ7C5 ds/PWOc4g2yT2Oqbp9pPugrF97IORD3LRa70DDibPRRrhClO/yvLqig7YM75SNT0q8XL EE/g== X-Gm-Message-State: AGi0PuZC/pE6q3LP7ipF1Hjm/3qawsUd6O681YuZsCMLDql0AqkBVT/B WymAqbUyByjKI27DYEFkThAs4A== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200414_220110_215960_2FF8AF97 X-CRM114-Status: GOOD ( 12.75 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner _______________________________________________ Linux-mediatek mailing list Linux-mediatek@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-mediatek From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 628EEC2BA2B for ; Wed, 15 Apr 2020 05:03:06 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id ABF5420656 for ; Wed, 15 Apr 2020 05:03:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org ABF5420656 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=cmpxchg.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4929GZ4DMkzDr2j for ; Wed, 15 Apr 2020 15:03:02 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=cmpxchg.org (client-ip=2607:f8b0:4864:20::f41; helo=mail-qv1-xf41.google.com; envelope-from=hannes@cmpxchg.org; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=cmpxchg.org Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=Tcxzc6xC; dkim-atps=neutral Received: from mail-qv1-xf41.google.com (mail-qv1-xf41.google.com [IPv6:2607:f8b0:4864:20::f41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4929DV423fzDr1P for ; Wed, 15 Apr 2020 15:01:12 +1000 (AEST) Received: by mail-qv1-xf41.google.com with SMTP id p19so1122703qve.0 for ; Tue, 14 Apr 2020 22:01:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=TJH79Xlg1PX1hIl/KsM3RPgVpytNLNpeN9g7nbNpnDnJnTgSzVg+rHKyO4JnKefrk5 1ZpWCsvETrBtt3C0r7klJm6Aov7X7OCGCtzae6OukmWcMfItxHX8pK5TKepFSJY/eZ6n 5V2d+1AFwjCRboC9Gcpe/+KLCQkJE+2Bxvv9sJnzitlWfjzWzqum8ploE++xZrHiTzMt hJG1FmTc45wY/2QjQ5Mkugz+4yPLSznVnIut1R4v4GnLYCYrm87xcd0pKFy/IwHz//wE haowPh4UiXAhtl38wo8rCnrsGvjpsScStJxr0PdetXIawLfy42tKdo3kovMt8APKB5nx pSrw== X-Gm-Message-State: AGi0PuaXxwK9KJTmusy+GQKkVYZmye/30ONsaY4eopzkv5txw7zDrQb8 0+rCPykObQFlnjabdbNHTKJgmA== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF892C3815B for ; Wed, 15 Apr 2020 05:01:15 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B4BFF20656 for ; Wed, 15 Apr 2020 05:01:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="h8GOFnZS"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=cmpxchg-org.20150623.gappssmtp.com header.i=@cmpxchg-org.20150623.gappssmtp.com header.b="Tcxzc6xC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B4BFF20656 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=cmpxchg.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=2/jijhU6af7a937ZK/zqJ3yiVDOLK6NWDm/naHlFozY=; b=h8GOFnZSCzXZc4 ZXrRGwiBuSI/4Lbsb6P2cnTqiLr2h/nIokOAPkPT/duadGnofDBW7qOa8nHdXIEoYllTHB31bHUMx qNWdP+TZWmTe7AY1usK39oNW3eKY5ALmcaNYOIJSiKxxkXeqw9IzlkC52tA+Al+3Ajvxr7t+Cynqy hNKFf1piOjRLpvnrhCi7Zp8nr2Vnb+4B9bSMSyOEu4DKEVhhxI8+5WifQ2ibG+HAsHri6Rb7FS5Nx uttPMgIvSjmTBQMlgZxuWWuhBudjFs7zG0x3s2y61nm1LOHeYslf4AX+xoEcq4UNR1DunUVmiYNua mm43WZInkVIZj8zClcNA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAj-00059I-Lg; Wed, 15 Apr 2020 05:01:13 +0000 Received: from mail-qv1-xf42.google.com ([2607:f8b0:4864:20::f42]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jOaAg-00057f-5c for linux-arm-kernel@lists.infradead.org; Wed, 15 Apr 2020 05:01:12 +0000 Received: by mail-qv1-xf42.google.com with SMTP id v38so1099173qvf.6 for ; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpxchg-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=Tcxzc6xC3iVTZShTUf3CIv3N8B5ZyCbru12fLV5+tpVooL5/Bo3MM2R4w1+y/qKNnw 9lu0zJBRs+VK1Bc14YzwiZC+K/efs95VT8GzxaoJoz3t2WhfDZxWX+BgsMNU20r8wRPv WS98QN/V8NZIzymtO0juNqdA9Tg6/2OTyjU7Zm1KL9ejebzf7wo1d0uOEsRrlg17M8fg qYmffi6H6MwGLJe4epZjwPPvjWIdIXS0xtejpuhYYUqQSrz2GfoywvJh6tC6sCJVyKe7 xzOQhWdIv/o82YQJCk9DtMPUw2B8iLWuNwugd4l1OepDEbLixuOHRPHRALsrInJO+Rsn o1og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ef3HLI/XX5ogd42JRuoGnEbb/Ln3ZxgvuLj5jaeUWkI=; b=cuuvi2U1JkOVVFZbICa/t147QHQ/Qt1tVW2V5GswhCy7W6cb9pk9ltveMxJK7w0Omn BshbZ/a+z0zVZQVG57cPOq/WRCTLPSEdUdV8E9wWE9AE0Yys8rLKfU6qq4v7AKrKMsW5 TIPfr0VnQuzzGiHWMe8YE9NydZEKj4X8tc6WghJ6qg80k3MggNbNXa3qrWf4bGB+Fowq KJE3tytoxu2dipy6SP3BeIlyk/NWziIgtJTQ88qzEHaDmTH+rtkYsVa6CvPWh1BsbBkL MaXp+OBsx5ExlANDNEjFBvmrq+JOzRrzpB2voSgj6YYrlHTM8bBsg9KTHxnKGgPWJVA9 uWIg== X-Gm-Message-State: AGi0PuaIxFMjo2Ub6D5HDIIHHrLLczR3LKBgMpn5pypiatemKZS48v4y K8BcmQHcXL8MDBLyH1Q8G44jLA== X-Google-Smtp-Source: APiQypJRjg+PyUSZjrIkjpxdMfgyPb9bMEWnffTFRMxoE1aQMUITXzNurR0P/0BN6q0H0W5xTyhSBA== X-Received: by 2002:a0c:e88d:: with SMTP id b13mr3243342qvo.245.1586926868219; Tue, 14 Apr 2020 22:01:08 -0700 (PDT) Received: from localhost ([2620:10d:c091:480::e623]) by smtp.gmail.com with ESMTPSA id 10sm6168833qtp.4.2020.04.14.22.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 22:01:07 -0700 (PDT) Date: Wed, 15 Apr 2020 01:01:06 -0400 From: Johannes Weiner To: Waiman Long Subject: Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() Message-ID: <20200415050106.GA154671@cmpxchg.org> References: <20200413211550.8307-1-longman@redhat.com> <20200413211550.8307-2-longman@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200413211550.8307-2-longman@redhat.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200414_220110_216529_B25CB10F X-CRM114-Status: GOOD ( 14.30 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-btrfs@vger.kernel.org, Jarkko Sakkinen , virtualization@lists.linux-foundation.org, David Howells , linux-mm@kvack.org, linux-sctp@vger.kernel.org, keyrings@vger.kernel.org, kasan-dev@googlegroups.com, samba-technical@lists.samba.org, linux-stm32@st-md-mailman.stormreply.com, devel@driverdev.osuosl.org, linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org, x86@kernel.org, James Morris , Matthew Wilcox , cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org, intel-wired-lan@lists.osuosl.org, David Rientjes , "Serge E. Hallyn" , linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-amlogic@lists.infradead.org, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org, Linus Torvalds , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-security-module@vger.kernel.org, target-devel@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-crypto@vger.kernel.org, netdev@vger.kernel.org, Joe Perches , Andrew Morton , linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com, linux-ppp@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote: > As said by Linus: > > A symmetric naming is only helpful if it implies symmetries in use. > Otherwise it's actively misleading. As the btrfs example proves - people can be tempted by this false symmetry to pair kzalloc with kzfree, which isn't what we wanted. > In "kzalloc()", the z is meaningful and an important part of what the > caller wants. > > In "kzfree()", the z is actively detrimental, because maybe in the > future we really _might_ want to use that "memfill(0xdeadbeef)" or > something. The "zero" part of the interface isn't even _relevant_. > > The main reason that kzfree() exists is to clear sensitive information > that should not be leaked to other future users of the same memory > objects. > > Rename kzfree() to kfree_sensitive() to follow the example of the > recently added kvfree_sensitive() and make the intention of the API > more explicit. In addition, memzero_explicit() is used to clear the > memory to make sure that it won't get optimized away by the compiler. > > The renaming is done by using the command sequence: > > git grep -w --name-only kzfree |\ > xargs sed -i 's/\bkzfree\b/kfree_sensitive/' > > followed by some editing of the kfree_sensitive() kerneldoc and the > use of memzero_explicit() instead of memset(). > > Suggested-by: Joe Perches > Signed-off-by: Waiman Long Looks good to me. Thanks for fixing this very old mistake. Acked-by: Johannes Weiner _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel