From: Johannes Weiner <hannes@cmpxchg.org>
To: Pekka J Enberg <penberg@cs.helsinki.fi>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
Christoph Lameter <cl@linux-foundation.org>,
Matt Mackall <mpm@selenic.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
Geert.Uytterhoeven@sonycom.com
Subject: Re: [PATCH] Export symbol ksize()
Date: Mon, 16 Feb 2009 14:56:43 +0100 [thread overview]
Message-ID: <20090216135643.GA6927@cmpxchg.org> (raw)
In-Reply-To: <Pine.LNX.4.64.0902101605070.20991@melkki.cs.Helsinki.FI>
On Tue, Feb 10, 2009 at 04:06:53PM +0200, Pekka J Enberg wrote:
> On Tue, Feb 10, 2009 at 03:35:03PM +0200, Pekka Enberg wrote:
> > > We unexported ksize() because it's a problematic interface and you
> > > almost certainly want to use the alternatives (e.g. krealloc). I think
> > > I need bit more convincing to apply this patch...
>
> On Tue, 10 Feb 2009, Kirill A. Shutemov wrote:
> > It just a quick fix. If anybody knows better solution, I have no
> > objections.
>
> Herbert, what do you think of this (untested) patch? Alternatively, we
> could do something like kfree_secure() but it seems overkill for this one
> call-site.
There are more callsites which do memset() + kfree():
arch/s390/crypto/prng.c
drivers/s390/crypto/zcrypt_pcixcc.c
drivers/md/dm-crypt.c
drivers/usb/host/hwa-hc.c
drivers/usb/wusbcore/cbaf.c
(drivers/w1/w1{,_int}.c)
fs/cifs/misc.c
fs/cifs/connect.c
fs/ecryptfs/keystore.c
fs/ecryptfs/messaging.c
net/atm/mpoa_caches.c
How about the attached patch? One problem is that zeroing ksize()
bytes can have an overhead of nearly twice the actual allocation size.
So we would need an interface that lets the caller pass in either a
number of bytes it wants to have zeroed out or say idontknow.
Perhaps add a size parameter that is cut to ksize() if it's too big?
Or (ssize_t)-1 for figureitoutyourself?
Hannes
---
Subject: slab: introduce kzfree()
kzfree() is a wrapper for kfree() that additionally zeroes the
underlying memory before releasing it to the slab allocator.
---
include/linux/slab.h | 1 +
mm/util.c | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+)
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -127,6 +127,7 @@ int kmem_ptr_validate(struct kmem_cache
void * __must_check __krealloc(const void *, size_t, gfp_t);
void * __must_check krealloc(const void *, size_t, gfp_t);
void kfree(const void *);
+void kzfree(const void *);
size_t ksize(const void *);
/*
--- a/mm/util.c
+++ b/mm/util.c
@@ -129,6 +129,26 @@ void *krealloc(const void *p, size_t new
}
EXPORT_SYMBOL(krealloc);
+/**
+ * kzfree - like kfree but zero memory
+ * @p: object to free memory of
+ * @zsize: size of the memory region to zero
+ *
+ * The memory of the object @p points to is zeroed before freed.
+ * If @p is %NULL, kzfree() does nothing.
+ */
+void kzfree(const void *p)
+{
+ size_t ks;
+ void *mem = (void *)p;
+
+ if (unlikely(ZERO_OR_NULL_PTR(mem)))
+ return;
+ ks = ksize(mem);
+ memset(mem, 0, ks);
+ kfree(mem);
+}
+
/*
* strndup_user - duplicate an existing string from user space
* @s: The string to duplicate
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2009-02-16 13:55 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-10 13:21 [PATCH] Export symbol ksize() Kirill A. Shutemov
2009-02-10 13:35 ` Pekka Enberg
2009-02-10 13:46 ` Kirill A. Shutemov
2009-02-10 14:06 ` Pekka J Enberg
2009-02-12 10:43 ` Herbert Xu
2009-02-12 10:45 ` Pekka Enberg
2009-02-12 10:50 ` Herbert Xu
2009-02-12 13:10 ` Nick Piggin
2009-02-12 23:09 ` Herbert Xu
2009-02-12 23:37 ` Matt Mackall
2009-02-13 13:20 ` Nick Piggin
2009-02-13 16:57 ` Kyle Moffett
2009-02-12 15:55 ` Pekka Enberg
2009-02-12 23:09 ` Herbert Xu
2009-02-15 21:36 ` Andrew Morton
2009-02-15 21:43 ` Matt Mackall
2009-02-15 21:55 ` Andrew Morton
2009-02-15 23:49 ` Matt Mackall
2009-02-16 1:00 ` Andrew Morton
2009-02-16 1:21 ` Herbert Xu
2009-02-16 1:28 ` Matt Mackall
2009-02-16 1:52 ` Herbert Xu
2009-02-16 1:54 ` Matt Mackall
2009-02-16 1:57 ` Herbert Xu
2009-02-16 1:38 ` Matt Mackall
2009-02-17 8:43 ` Geert Uytterhoeven
2009-02-17 16:17 ` Christoph Lameter
2009-02-17 17:03 ` Pekka Enberg
2009-02-17 17:06 ` Christoph Lameter
2009-02-16 13:56 ` Johannes Weiner [this message]
2009-02-16 14:09 ` Pekka Enberg
2009-02-16 16:32 ` Joe Perches
2009-02-16 17:29 ` Pekka Enberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090216135643.GA6927@cmpxchg.org \
--to=hannes@cmpxchg.org \
--cc=Geert.Uytterhoeven@sonycom.com \
--cc=cl@linux-foundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=kirill@shutemov.name \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mpm@selenic.com \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).