public inbox for kernel-janitors@vger.kernel.org
 help / color / mirror / Atom feed
* [patch] KEYS: Use memzero_explicit() for secret data
@ 2016-12-16  9:14 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2016-12-16  9:14 UTC (permalink / raw)
  To: kernel-janitors

I don't think GCC has figured out how to optimize the memset() away, but
they might eventually so let's future proof this code a bit.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index d7a4969b2dd3..4fb315cddf5b 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -985,7 +985,7 @@ static void encrypted_destroy(struct key *key)
 	if (!epayload)
 		return;
 
-	memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
+	memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
 	kfree(key->payload.data[0]);
 }
 

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2016-12-16  9:14 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-16  9:14 [patch] KEYS: Use memzero_explicit() for secret data Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox