* Re: [PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Joe Perches @ 2020-06-16 18:53 UTC (permalink / raw)
To: Waiman Long, Andrew Morton, David Howells, Jarkko Sakkinen,
James Morris, Serge E. Hallyn, Linus Torvalds, Matthew Wilcox,
David Rientjes
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, linux-kernel,
linux-mm, linux-sctp, target-devel, linux-stm32, devel,
linux-cifs, linux-scsi, kasan-dev, linux-wpan, Dan Carpenter,
linux-pm, ecryptfs, linux-fscrypt, linux-mediatek, linux-amlogic,
virtualization, linux-nfs, netdev, linux-wireless, David Sterba,
linux-bluetooth, linux-security-module, keyrings, tipc-discussion,
linux-crypto, Johannes Weiner, linux-integrity, linuxppc-dev,
wireguard, linux-ppp
In-Reply-To: <20200616015718.7812-1-longman@redhat.com>
On Mon, 2020-06-15 at 21:57 -0400, Waiman Long wrote:
> v4:
> - Break out the memzero_explicit() change as suggested by Dan Carpenter
> so that it can be backported to stable.
> - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
> now as there can be a bit more discussion on what is best. It will be
> introduced as a separate patch later on after this one is merged.
To this larger audience and last week without reply:
https://lore.kernel.org/lkml/573b3fbd5927c643920e1364230c296b23e7584d.camel@perches.com/
Are there _any_ fastpath uses of kfree or vfree?
Many patches have been posted recently to fix mispairings
of specific types of alloc and free functions.
To eliminate these mispairings at a runtime cost of four
comparisons, should the kfree/vfree/kvfree/kfree_const
functions be consolidated into a single kfree?
Something like the below:
void kfree(const void *addr)
{
if (is_kernel_rodata((unsigned long)addr))
return;
if (is_vmalloc_addr(addr))
_vfree(addr);
else
_kfree(addr);
}
#define kvfree kfree
#define vfree kfree
#define kfree_const kfree
^ permalink raw reply
* Re: [PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Waiman Long @ 2020-06-16 18:36 UTC (permalink / raw)
To: Andrew Morton
Cc: Jason A . Donenfeld, Michal Hocko, Jarkko Sakkinen,
virtualization, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Dan Carpenter, Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, linux-nfs, Linus Torvalds,
linux-wireless, linux-kernel, linux-bluetooth,
linux-security-module, target-devel, tipc-discussion,
linux-crypto, Johannes Weiner, Joe Perches, linux-integrity,
linuxppc-dev, netdev, wireguard, linux-ppp
In-Reply-To: <20200616110944.c13f221e5c3f54e775190afe@linux-foundation.org>
On 6/16/20 2:09 PM, Andrew Morton wrote:
> On Tue, 16 Jun 2020 11:43:11 -0400 Waiman Long <longman@redhat.com> wrote:
>
>> As said by Linus:
>>
>> A symmetric naming is only helpful if it implies symmetries in use.
>> Otherwise it's actively misleading.
>>
>> In "kzalloc()", the z is meaningful and an important part of what the
>> caller wants.
>>
>> In "kzfree()", the z is actively detrimental, because maybe in the
>> future we really _might_ want to use that "memfill(0xdeadbeef)" or
>> something. The "zero" part of the interface isn't even _relevant_.
>>
>> The main reason that kzfree() exists is to clear sensitive information
>> that should not be leaked to other future users of the same memory
>> objects.
>>
>> Rename kzfree() to kfree_sensitive() to follow the example of the
>> recently added kvfree_sensitive() and make the intention of the API
>> more explicit. In addition, memzero_explicit() is used to clear the
>> memory to make sure that it won't get optimized away by the compiler.
>>
>> The renaming is done by using the command sequence:
>>
>> git grep -w --name-only kzfree |\
>> xargs sed -i 's/\bkzfree\b/kfree_sensitive/'
>>
>> followed by some editing of the kfree_sensitive() kerneldoc and adding
>> a kzfree backward compatibility macro in slab.h.
>>
>> ...
>>
>> --- a/include/linux/slab.h
>> +++ b/include/linux/slab.h
>> @@ -186,10 +186,12 @@ void memcg_deactivate_kmem_caches(struct mem_cgroup *, struct mem_cgroup *);
>> */
>> void * __must_check krealloc(const void *, size_t, gfp_t);
>> void kfree(const void *);
>> -void kzfree(const void *);
>> +void kfree_sensitive(const void *);
>> size_t __ksize(const void *);
>> size_t ksize(const void *);
>>
>> +#define kzfree(x) kfree_sensitive(x) /* For backward compatibility */
>> +
> What was the thinking here? Is this really necessary?
>
> I suppose we could keep this around for a while to ease migration. But
> not for too long, please.
>
It should be there just for 1 release cycle. I have broken out the btrfs
patch to the btrfs list and I didn't make the kzfree to kfree_sensitive
conversion there as that patch was in front in my patch list. So
depending on which one lands first, there can be a window where the
compilation may fail without this workaround. I am going to send out
another patch in the next release cycle to remove it.
Cheers,
Longman
^ permalink raw reply
* Re: [PATCH] scsi: target/sbp: remove firewire SBP target driver
From: Johannes Thumshirn @ 2020-06-16 14:13 UTC (permalink / raw)
To: Bart Van Assche, Finn Thain, Chris Boot
Cc: Martin K . Petersen, linux-scsi@vger.kernel.org, Chuhong Yuan,
linux-kernel@vger.kernel.org, Nicholas Bellinger,
target-devel@vger.kernel.org,
linux1394-devel@lists.sourceforge.net,
linuxppc-dev@lists.ozlabs.org, Stefan Richter
In-Reply-To: <8cbab988-fba7-8e27-7faf-9f7aa36ca235@acm.org>
On 16/06/2020 16:09, Bart Van Assche wrote:
> On 2020-06-16 02:42, Finn Thain wrote:
>> Martin said, "I'd appreciate a patch to remove it"
>>
>> And Bart said, "do you want to keep this driver in the kernel tree?"
>>
>> AFAICT both comments are quite ambiguous. I don't see an actionable
>> request, just an expression of interest from people doing their jobs.
>>
>> Note well: there is no pay check associated with having a MAINTAINERS file
>> entry.
>
> Hi Finn,
>
> As far as I know the sbp driver only has had one user ever and that user
> is no longer user the sbp driver. So why to keep it in the kernel tree?
> Restoring a kernel driver can be easy - the first step is a "git revert".
Why not move the driver to drivers/staging for 2 or 3 kernel releases and if
noone steps up, delete it?
Just my 2 Cents,
Johannes
^ permalink raw reply
* Re: [PATCH v5 01/13] powerpc: Remove Xilinx PPC405/PPC440 support
From: Nathan Chancellor @ 2020-06-16 18:16 UTC (permalink / raw)
To: Michal Simek
Cc: arnd, linux-kernel, clang-built-linux, Paul Mackerras,
linuxppc-dev
In-Reply-To: <68503e5e-7456-b81c-e43d-27cb331a4b72@xilinx.com>
Hi Michal,
On Tue, Jun 16, 2020 at 04:45:20PM +0200, Michal Simek wrote:
>
>
> On 16. 06. 20 2:27, Nathan Chancellor wrote:
> > On Thu, May 21, 2020 at 04:55:52PM +0000, Christophe Leroy wrote:
> >> From: Michal Simek <michal.simek@xilinx.com>
> >>
> >> The latest Xilinx design tools called ISE and EDK has been released in
> >> October 2013. New tool doesn't support any PPC405/PPC440 new designs.
> >> These platforms are no longer supported and tested.
> >>
> >> PowerPC 405/440 port is orphan from 2013 by
> >> commit cdeb89943bfc ("MAINTAINERS: Fix incorrect status tag") and
> >> commit 19624236cce1 ("MAINTAINERS: Update Grant's email address and maintainership")
> >> that's why it is time to remove the support fot these platforms.
> >>
> >> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
> >> Acked-by: Arnd Bergmann <arnd@arndb.de>
> >> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> >
> > This patch causes qemu-system-ppc to fail to load ppc44x_defconfig:
> >
> > $ make -skj"$(nproc)" ARCH=powerpc CROSS_COMPILE=powerpc-linux- O=out/ppc distclean ppc44x_defconfig zImage
> >
> > $ timeout --foreground 30s unbuffer \
> > qemu-system-ppc \
> > -machine bamboo \
>
> Did you bisect it that you found that this patch is causing problem for
> you on any bamboo machine?
>
> Or this was caused by the whole series?
>
> Thanks,
> Michal
Yes, this conclusion was the result of the following bisect:
$ cat test.sh
#!/usr/bin/env bash
cd "${HOME}"/src/linux || exit 125
set -x
PATH=${HOME}/toolchains/gcc/10.1.0/bin:${PATH} \
make -skj"$(nproc)" ARCH=powerpc CROSS_COMPILE=powerpc-linux- O=out/ppc32 distclean ppc44x_defconfig zImage || exit 125
"${HOME}"/cbl/github/boot-utils/boot-qemu.sh -a ppc32 -k out/ppc32 -t 30s
$ git bisect start v5.8-rc1 v5.7
...
$ git bisect run test.sh
...
$ git bisect log
# bad: [b3a9e3b9622ae10064826dccb4f7a52bd88c7407] Linux 5.8-rc1
# good: [3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162] Linux 5.7
git bisect start 'v5.8-rc1' 'v5.7'
# good: [ee01c4d72adffb7d424535adf630f2955748fa8b] Merge branch 'akpm' (patches from Andrew)
git bisect good ee01c4d72adffb7d424535adf630f2955748fa8b
# bad: [6f2dc3d335457d9c815be9f4fd3dc8eff92fcef7] Merge tag 'dma-mapping-5.8-2' of git://git.infradead.org/users/hch/dma-mapping
git bisect bad 6f2dc3d335457d9c815be9f4fd3dc8eff92fcef7
# skip: [828f3e18e1cb98c68fc6db4d5113513d4a267775] Merge tag 'arm-drivers-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect skip 828f3e18e1cb98c68fc6db4d5113513d4a267775
# good: [c46241a370a61f0f264791abb9fc869016e749ce] powerpc/pkeys: Check vma before returning key fault error to the user
git bisect good c46241a370a61f0f264791abb9fc869016e749ce
# good: [3f0be4df50a7854a831c80a74d7cf2cfd61f2fde] Merge tag 'versatile-dts-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-integrator into arm/dt
git bisect good 3f0be4df50a7854a831c80a74d7cf2cfd61f2fde
# bad: [bd55e792de0844631d34487d43eaf3f13294ebfe] powerpc/module_64: Use special stub for _mcount() with -mprofile-kernel
git bisect bad bd55e792de0844631d34487d43eaf3f13294ebfe
# good: [303e6a9ddcdc168e92253c78cdb4bbe1e10d78b3] powerpc/watchpoint: Convert thread_struct->hw_brk to an array
git bisect good 303e6a9ddcdc168e92253c78cdb4bbe1e10d78b3
# good: [0755e85570a4615ca674ad6489d44d63916f1f3e] powerpc/xive: Do not expose a debugfs file when XIVE is disabled
git bisect good 0755e85570a4615ca674ad6489d44d63916f1f3e
# bad: [b4ac18eead28611ff470d0f47a35c4e0ac080d9c] powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
git bisect bad b4ac18eead28611ff470d0f47a35c4e0ac080d9c
# bad: [3aacaa719b7bf135551cabde2480e8f7bfdf7c7d] powerpc/40x: Don't save CR in SPRN_SPRG_SCRATCH6
git bisect bad 3aacaa719b7bf135551cabde2480e8f7bfdf7c7d
# bad: [1b5c0967ab8aa9424cdd5108de4e055d8aeaa9d0] powerpc/40x: Remove support for IBM 403GCX
git bisect bad 1b5c0967ab8aa9424cdd5108de4e055d8aeaa9d0
# good: [0bdad33d6bd7b80722e2f9e588d3d7c6d6e34978] powerpc/64: Refactor interrupt exit irq disabling sequence
git bisect good 0bdad33d6bd7b80722e2f9e588d3d7c6d6e34978
# bad: [2c74e2586bb96012ffc05f1c819b05d9cad86d6e] powerpc/40x: Rework 40x PTE access and TLB miss
git bisect bad 2c74e2586bb96012ffc05f1c819b05d9cad86d6e
# bad: [7ade8495dcfd788a76e6877c9ea86f5207369ea4] powerpc: Remove Xilinx PPC405/PPC440 support
git bisect bad 7ade8495dcfd788a76e6877c9ea86f5207369ea4
# first bad commit: [7ade8495dcfd788a76e6877c9ea86f5207369ea4] powerpc: Remove Xilinx PPC405/PPC440 support
^ permalink raw reply
* Re: [PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Andrew Morton @ 2020-06-16 18:09 UTC (permalink / raw)
To: Waiman Long
Cc: Jason A . Donenfeld, Michal Hocko, Jarkko Sakkinen,
virtualization, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Dan Carpenter, Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, linux-nfs, Linus Torvalds,
linux-wireless, linux-kernel, linux-bluetooth,
linux-security-module, target-devel, tipc-discussion,
linux-crypto, Johannes Weiner, Joe Perches, linux-integrity,
linuxppc-dev, netdev, wireguard, linux-ppp
In-Reply-To: <20200616154311.12314-3-longman@redhat.com>
On Tue, 16 Jun 2020 11:43:11 -0400 Waiman Long <longman@redhat.com> wrote:
> As said by Linus:
>
> A symmetric naming is only helpful if it implies symmetries in use.
> Otherwise it's actively misleading.
>
> In "kzalloc()", the z is meaningful and an important part of what the
> caller wants.
>
> In "kzfree()", the z is actively detrimental, because maybe in the
> future we really _might_ want to use that "memfill(0xdeadbeef)" or
> something. The "zero" part of the interface isn't even _relevant_.
>
> The main reason that kzfree() exists is to clear sensitive information
> that should not be leaked to other future users of the same memory
> objects.
>
> Rename kzfree() to kfree_sensitive() to follow the example of the
> recently added kvfree_sensitive() and make the intention of the API
> more explicit. In addition, memzero_explicit() is used to clear the
> memory to make sure that it won't get optimized away by the compiler.
>
> The renaming is done by using the command sequence:
>
> git grep -w --name-only kzfree |\
> xargs sed -i 's/\bkzfree\b/kfree_sensitive/'
>
> followed by some editing of the kfree_sensitive() kerneldoc and adding
> a kzfree backward compatibility macro in slab.h.
>
> ...
>
> --- a/include/linux/slab.h
> +++ b/include/linux/slab.h
> @@ -186,10 +186,12 @@ void memcg_deactivate_kmem_caches(struct mem_cgroup *, struct mem_cgroup *);
> */
> void * __must_check krealloc(const void *, size_t, gfp_t);
> void kfree(const void *);
> -void kzfree(const void *);
> +void kfree_sensitive(const void *);
> size_t __ksize(const void *);
> size_t ksize(const void *);
>
> +#define kzfree(x) kfree_sensitive(x) /* For backward compatibility */
> +
What was the thinking here? Is this really necessary?
I suppose we could keep this around for a while to ease migration. But
not for too long, please.
^ permalink raw reply
* Re: [PATCH] scsi: target/sbp: remove firewire SBP target driver
From: Chris Boot @ 2020-06-16 17:59 UTC (permalink / raw)
To: James Bottomley, Johannes Thumshirn, Bart Van Assche, Finn Thain
Cc: Martin K . Petersen, linux-scsi@vger.kernel.org, Chuhong Yuan,
linux-kernel@vger.kernel.org, Nicholas Bellinger,
target-devel@vger.kernel.org,
linux1394-devel@lists.sourceforge.net,
linuxppc-dev@lists.ozlabs.org, Stefan Richter
In-Reply-To: <1592321667.4394.5.camel@HansenPartnership.com>
On 16/06/2020 16:34, James Bottomley wrote:
> On Tue, 2020-06-16 at 14:13 +0000, Johannes Thumshirn wrote:
>> On 16/06/2020 16:09, Bart Van Assche wrote:
>>> On 2020-06-16 02:42, Finn Thain wrote:
>>>> Martin said, "I'd appreciate a patch to remove it"
>>>>
>>>> And Bart said, "do you want to keep this driver in the kernel
>>>> tree?"
>>>>
>>>> AFAICT both comments are quite ambiguous. I don't see an
>>>> actionable request, just an expression of interest from people
>>>> doing their jobs.
>>>>
>>>> Note well: there is no pay check associated with having a
>>>> MAINTAINERS file
>>>> entry.
>>>
>>> Hi Finn,
>>>
>>> As far as I know the sbp driver only has had one user ever and that
>>> user is no longer user the sbp driver. So why to keep it in the
>>> kernel tree? Restoring a kernel driver can be easy - the first step
>>> is a "git revert".
>>
>> Why not move the driver to drivers/staging for 2 or 3 kernel releases
>> and if noone steps up, delete it?
>
> Because that's pretty much the worst of all worlds: If the driver is
> simply going orphaned it can stay where it is to avoid confusion. If
> it's being removed, it's better to remove it from where it is because
> that makes the patch to restore it easy to find.
>
> Chris, the thing is this: if this driver has just one user on a stable
> distro who complains about its removal six months to two years from
> now, Linus will descend on us from a great height (which won't matter
> to you, since you'll be long gone). This makes everyone very wary of
> outright removal. If you're really, really sure it has no users, it
> can be deleted, but if there's the slightest chance it has just one, it
> should get orphaned.
My patch to delete the driver was based on Martin's original request:
https://lore.kernel.org/lkml/yq1img99d4k.fsf@ca-mkp.ca.oracle.com/
I don't especially want it to be gone, nor can I be sure there are no
users of what is as far as I can tell a working piece of code. I can
tell you that I never hear about it (other than the odd patch), whereas
I do get emails out of the blue for some of my other (much smaller)
stuff which clearly has users. I'd be just as happy for this to be
orphaned or for nothing to happen to it.
Honestly, I am totally ambivalent as to what happens to this code.
Martin, however, clearly cares enough to have asked me to supply a patch
to remove it.
Cheers,
Chris
--
Chris Boot
bootc@boo.tc
^ permalink raw reply
* Re: [PATCH] powerpc/pci: unmap legacy INTx interrupts when a PHB is removed
From: Cédric Le Goater @ 2020-06-16 13:36 UTC (permalink / raw)
To: Michael Ellerman; +Cc: Oliver O'Halloran, linuxppc-dev
In-Reply-To: <20200612070245.361114-1-clg@kaod.org>
On 6/12/20 9:02 AM, Cédric Le Goater wrote:
> When a passthrough IO adapter is removed from a pseries machine using
> hash MMU and the XIVE interrupt mode, the POWER hypervisor, pHyp,
> expects the guest OS to have cleared all page table entries related to
> the adapter. If some are still present, the RTAS call which isolates
> the PCI slot returns error 9001 "valid outstanding translations" and
> the removal of the IO adapter fails.
>
> INTx interrupt numbers need special care because Linux maps the
> interrupts automatically in the Linux interrupt number space. For this
> purpose, record the logical interrupt number of the INTx at the PHB
> level and clear these interrupts when the PCI bus is removed. This
> will also clear all the page table entries of the ESB pages when using
> XIVE.
>
> Cc: "Oliver O'Halloran" <oohall@gmail.com>
> Signed-off-by: Cédric Le Goater <clg@kaod.org>
> ---
>
> This deprecates patch :
>
> http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20200429075122.1216388-3-clg@kaod.org/
So, this clears the INTx interrupts but, to be more precise, it clears
4 interrupts that were mapped when the PHB are initialized. These are
similar to platform interrupts in some ways. They can be of another
type (GPU, CAPI or OCAPI adapters) and there can be more than 4.
To cover all cases, we need to analyze the "interrupt-map" properties.
A v2 is on its way. This feels like I opened a Pandora box..
C.
> Thanks,
>
> arch/powerpc/include/asm/pci-bridge.h | 4 +++
> arch/powerpc/kernel/pci-common.c | 45 +++++++++++++++++++++++++++
> 2 files changed, 49 insertions(+)
>
> diff --git a/arch/powerpc/include/asm/pci-bridge.h b/arch/powerpc/include/asm/pci-bridge.h
> index b92e81b256e5..9960dd249079 100644
> --- a/arch/powerpc/include/asm/pci-bridge.h
> +++ b/arch/powerpc/include/asm/pci-bridge.h
> @@ -48,6 +48,8 @@ struct pci_controller_ops {
>
> /*
> * Structure of a PCI controller (host bridge)
> + *
> + * @intx: legacy INTx mappings
> */
> struct pci_controller {
> struct pci_bus *bus;
> @@ -127,6 +129,8 @@ struct pci_controller {
>
> void *private_data;
> struct npu *npu;
> +
> + unsigned int intx[PCI_NUM_INTX];
> };
>
> /* These are used for config access before all the PCI probing
> diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
> index be108616a721..8c442627f465 100644
> --- a/arch/powerpc/kernel/pci-common.c
> +++ b/arch/powerpc/kernel/pci-common.c
> @@ -353,6 +353,49 @@ struct pci_controller *pci_find_controller_for_domain(int domain_nr)
> return NULL;
> }
>
> +static void pci_intx_register(struct pci_dev *pdev, int virq)
> +{
> + struct pci_controller *phb = pci_bus_to_host(pdev->bus);
> + int i;
> +
> + for (i = 0; i < PCI_NUM_INTX; i++) {
> + /*
> + * Look for an empty or an equivalent slot, as INTx
> + * interrupts can be shared between adapters
> + */
> + if (phb->intx[i] == virq || !phb->intx[i]) {
> + phb->intx[i] = virq;
> + break;
> + }
> + }
> +
> + if (i == PCI_NUM_INTX)
> + pr_err("PCI:%s INTx all mapped\n", pci_name(pdev));
> +}
> +
> +/*
> + * Clearing the mapped INTx interrupts will also clear the underlying
> + * mappings of the ESB pages of the interrupts when under XIVE. It is
> + * a requirement of PowerVM to clear all memory mappings before
> + * removing a PHB.
> + */
> +static void pci_intx_dispose(struct pci_bus *bus)
> +{
> + struct pci_controller *phb = pci_bus_to_host(bus);
> + int i;
> +
> + pr_debug("PCI: Clearing INTx for PHB %04x:%02x...\n",
> + pci_domain_nr(bus), bus->number);
> + for (i = 0; i < PCI_NUM_INTX; i++)
> + irq_dispose_mapping(phb->intx[i]);
> +}
> +
> +void pcibios_remove_bus(struct pci_bus *bus)
> +{
> + pci_intx_dispose(bus);
> +}
> +EXPORT_SYMBOL_GPL(pcibios_remove_bus);
> +
> /*
> * Reads the interrupt pin to determine if interrupt is use by card.
> * If the interrupt is used, then gets the interrupt line from the
> @@ -401,6 +444,8 @@ static int pci_read_irq_line(struct pci_dev *pci_dev)
>
> pci_dev->irq = virq;
>
> + /* Record all INTx mappings for later removal of a PHB */
> + pci_intx_register(pci_dev, virq);
> return 0;
> }
>
>
^ permalink raw reply
* Re: [PATCH v4 1/3] mm/slab: Use memzero_explicit() in kzfree()
From: David Howells @ 2020-06-16 15:46 UTC (permalink / raw)
To: Waiman Long
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, Jarkko Sakkinen,
David Sterba, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, ebiggers, linux-wpan,
David Rientjes, Dan Carpenter, Serge E. Hallyn, linux-pm,
ecryptfs, linux-fscrypt, linux-mediatek, linux-amlogic,
virtualization, linux-integrity, linux-nfs, linuxppc-dev,
linux-wireless, linux-kernel, stable, linux-bluetooth,
linux-security-module, target-devel, tipc-discussion,
linux-crypto, Johannes Weiner, Joe Perches, Andrew Morton,
Linus Torvalds, netdev, wireguard, linux-ppp
In-Reply-To: <56c2304c-73cc-8f48-d8d0-5dd6c39f33f3@redhat.com>
Waiman Long <longman@redhat.com> wrote:
> The kzfree() function is normally used to clear some sensitive
> information, like encryption keys, in the buffer before freeing it back
> to the pool. Memset()
"memset()" is all lowercase.
> is currently used for buffer clearing. However unlikely, there is still a
> non-zero probability
I'd say "a possibility".
> that
and I'd move "in [the] future" here.
> the compiler may choose to optimize away the
> memory clearing especially if LTO is being used in the future. To make sure
> that this optimization will never happen
"in these cases"
> , memzero_explicit(), which is introduced in v3.18, is now used in
"instead of"?
> kzfree() to future-proof it.
Davod
^ permalink raw reply
* [PATCH v5 1/2] mm/slab: Use memzero_explicit() in kzfree()
From: Waiman Long @ 2020-06-16 15:43 UTC (permalink / raw)
To: Andrew Morton, David Howells, Jarkko Sakkinen, James Morris,
Serge E. Hallyn, Linus Torvalds, Joe Perches, Matthew Wilcox,
David Rientjes
Cc: Jason A . Donenfeld, Michal Hocko, virtualization, linux-mm,
linux-sctp, target-devel, linux-stm32, devel, linux-cifs,
linux-scsi, kasan-dev, linux-wpan, Waiman Long, Dan Carpenter,
linux-pm, ecryptfs, linux-fscrypt, linux-mediatek, linux-amlogic,
linux-nfs, netdev, linux-wireless, linux-kernel, stable,
linux-bluetooth, linux-security-module, keyrings, tipc-discussion,
linux-crypto, Johannes Weiner, linux-integrity, linuxppc-dev,
wireguard, linux-ppp
In-Reply-To: <20200616154311.12314-1-longman@redhat.com>
The kzfree() function is normally used to clear some sensitive
information, like encryption keys, in the buffer before freeing it back
to the pool. Memset() is currently used for buffer clearing. However
unlikely, there is still a non-zero probability that the compiler may
choose to optimize away the memory clearing especially if LTO is being
used in the future. To make sure that this optimization will never
happen, memzero_explicit(), which is introduced in v3.18, is now used
in kzfree() to future-proof it.
Fixes: 3ef0e5ba4673 ("slab: introduce kzfree()")
Cc: stable@vger.kernel.org
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Waiman Long <longman@redhat.com>
---
mm/slab_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 9e72ba224175..37d48a56431d 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -1726,7 +1726,7 @@ void kzfree(const void *p)
if (unlikely(ZERO_OR_NULL_PTR(mem)))
return;
ks = ksize(mem);
- memset(mem, 0, ks);
+ memzero_explicit(mem, ks);
kfree(mem);
}
EXPORT_SYMBOL(kzfree);
--
2.18.1
^ permalink raw reply related
* [PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Waiman Long @ 2020-06-16 15:43 UTC (permalink / raw)
To: Andrew Morton, David Howells, Jarkko Sakkinen, James Morris,
Serge E. Hallyn, Linus Torvalds, Joe Perches, Matthew Wilcox,
David Rientjes
Cc: Jason A . Donenfeld, Michal Hocko, virtualization, linux-mm,
linux-sctp, target-devel, linux-stm32, devel, linux-cifs,
linux-scsi, kasan-dev, linux-wpan, Waiman Long, Dan Carpenter,
linux-pm, ecryptfs, linux-fscrypt, linux-mediatek, linux-amlogic,
linux-nfs, netdev, linux-wireless, linux-kernel, linux-bluetooth,
linux-security-module, keyrings, tipc-discussion, linux-crypto,
Johannes Weiner, linux-integrity, linuxppc-dev, wireguard,
linux-ppp
In-Reply-To: <20200616154311.12314-1-longman@redhat.com>
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
something. The "zero" part of the interface isn't even _relevant_.
The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.
Rename kzfree() to kfree_sensitive() to follow the example of the
recently added kvfree_sensitive() and make the intention of the API
more explicit. In addition, memzero_explicit() is used to clear the
memory to make sure that it won't get optimized away by the compiler.
The renaming is done by using the command sequence:
git grep -w --name-only kzfree |\
xargs sed -i 's/\bkzfree\b/kfree_sensitive/'
followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.
Suggested-by: Joe Perches <joe@perches.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Waiman Long <longman@redhat.com>
---
arch/s390/crypto/prng.c | 4 +--
arch/x86/power/hibernate.c | 2 +-
crypto/adiantum.c | 2 +-
crypto/ahash.c | 4 +--
crypto/api.c | 2 +-
crypto/asymmetric_keys/verify_pefile.c | 4 +--
crypto/deflate.c | 2 +-
crypto/drbg.c | 10 +++---
crypto/ecc.c | 8 ++---
crypto/ecdh.c | 2 +-
crypto/gcm.c | 2 +-
crypto/gf128mul.c | 4 +--
crypto/jitterentropy-kcapi.c | 2 +-
crypto/rng.c | 2 +-
crypto/rsa-pkcs1pad.c | 6 ++--
crypto/seqiv.c | 2 +-
crypto/shash.c | 2 +-
crypto/skcipher.c | 2 +-
crypto/testmgr.c | 6 ++--
crypto/zstd.c | 2 +-
.../allwinner/sun8i-ce/sun8i-ce-cipher.c | 2 +-
.../allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +-
drivers/crypto/amlogic/amlogic-gxl-cipher.c | 4 +--
drivers/crypto/atmel-ecc.c | 2 +-
drivers/crypto/caam/caampkc.c | 28 +++++++--------
drivers/crypto/cavium/cpt/cptvf_main.c | 6 ++--
drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++----
drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +--
drivers/crypto/cavium/zip/zip_crypto.c | 6 ++--
drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++--
drivers/crypto/ccree/cc_aead.c | 4 +--
drivers/crypto/ccree/cc_buffer_mgr.c | 4 +--
drivers/crypto/ccree/cc_cipher.c | 6 ++--
drivers/crypto/ccree/cc_hash.c | 8 ++---
drivers/crypto/ccree/cc_request_mgr.c | 2 +-
drivers/crypto/marvell/cesa/hash.c | 2 +-
.../crypto/marvell/octeontx/otx_cptvf_main.c | 6 ++--
.../marvell/octeontx/otx_cptvf_reqmgr.h | 2 +-
drivers/crypto/mediatek/mtk-aes.c | 2 +-
drivers/crypto/nx/nx.c | 4 +--
drivers/crypto/virtio/virtio_crypto_algs.c | 12 +++----
drivers/crypto/virtio/virtio_crypto_core.c | 2 +-
drivers/md/dm-crypt.c | 32 ++++++++---------
drivers/md/dm-integrity.c | 6 ++--
drivers/misc/ibmvmc.c | 6 ++--
.../hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +-
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 ++--
drivers/net/ppp/ppp_mppe.c | 6 ++--
drivers/net/wireguard/noise.c | 4 +--
drivers/net/wireguard/peer.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
.../net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 ++--
drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 6 ++--
drivers/net/wireless/intersil/orinoco/wext.c | 4 +--
drivers/s390/crypto/ap_bus.h | 4 +--
drivers/staging/ks7010/ks_hostif.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/wlan-ng/p80211netdev.c | 2 +-
drivers/target/iscsi/iscsi_target_auth.c | 2 +-
fs/cifs/cifsencrypt.c | 2 +-
fs/cifs/connect.c | 10 +++---
fs/cifs/dfs_cache.c | 2 +-
fs/cifs/misc.c | 8 ++---
fs/crypto/keyring.c | 6 ++--
fs/crypto/keysetup_v1.c | 4 +--
fs/ecryptfs/keystore.c | 4 +--
fs/ecryptfs/messaging.c | 2 +-
include/crypto/aead.h | 2 +-
include/crypto/akcipher.h | 2 +-
include/crypto/gf128mul.h | 2 +-
include/crypto/hash.h | 2 +-
include/crypto/internal/acompress.h | 2 +-
include/crypto/kpp.h | 2 +-
include/crypto/skcipher.h | 2 +-
include/linux/slab.h | 4 ++-
lib/mpi/mpiutil.c | 6 ++--
lib/test_kasan.c | 6 ++--
mm/slab_common.c | 8 ++---
net/atm/mpoa_caches.c | 4 +--
net/bluetooth/ecdh_helper.c | 6 ++--
net/bluetooth/smp.c | 24 ++++++-------
net/core/sock.c | 2 +-
net/ipv4/tcp_fastopen.c | 2 +-
net/mac80211/aead_api.c | 4 +--
net/mac80211/aes_gmac.c | 2 +-
net/mac80211/key.c | 2 +-
net/mac802154/llsec.c | 20 +++++------
net/sctp/auth.c | 2 +-
net/sctp/socket.c | 2 +-
net/sunrpc/auth_gss/gss_krb5_crypto.c | 4 +--
net/sunrpc/auth_gss/gss_krb5_keys.c | 6 ++--
net/sunrpc/auth_gss/gss_krb5_mech.c | 2 +-
net/tipc/crypto.c | 10 +++---
net/wireless/core.c | 2 +-
net/wireless/ibss.c | 4 +--
net/wireless/lib80211_crypt_tkip.c | 2 +-
net/wireless/lib80211_crypt_wep.c | 2 +-
net/wireless/nl80211.c | 24 ++++++-------
net/wireless/sme.c | 6 ++--
net/wireless/util.c | 2 +-
net/wireless/wext-sme.c | 2 +-
scripts/coccinelle/free/devm_free.cocci | 4 +--
scripts/coccinelle/free/ifnullfree.cocci | 4 +--
scripts/coccinelle/free/kfree.cocci | 6 ++--
scripts/coccinelle/free/kfreeaddr.cocci | 2 +-
security/apparmor/domain.c | 4 +--
security/apparmor/include/file.h | 2 +-
security/apparmor/policy.c | 24 ++++++-------
security/apparmor/policy_ns.c | 6 ++--
security/apparmor/policy_unpack.c | 14 ++++----
security/keys/big_key.c | 6 ++--
security/keys/dh.c | 14 ++++----
security/keys/encrypted-keys/encrypted.c | 14 ++++----
security/keys/trusted-keys/trusted_tpm1.c | 34 +++++++++----------
security/keys/user_defined.c | 6 ++--
115 files changed, 322 insertions(+), 320 deletions(-)
diff --git a/arch/s390/crypto/prng.c b/arch/s390/crypto/prng.c
index d977643fa627..04caac037b7a 100644
--- a/arch/s390/crypto/prng.c
+++ b/arch/s390/crypto/prng.c
@@ -249,7 +249,7 @@ static void prng_tdes_deinstantiate(void)
{
pr_debug("The prng module stopped "
"after running in triple DES mode\n");
- kzfree(prng_data);
+ kfree_sensitive(prng_data);
}
@@ -442,7 +442,7 @@ static int __init prng_sha512_instantiate(void)
static void prng_sha512_deinstantiate(void)
{
pr_debug("The prng module stopped after running in SHA-512 mode\n");
- kzfree(prng_data);
+ kfree_sensitive(prng_data);
}
diff --git a/arch/x86/power/hibernate.c b/arch/x86/power/hibernate.c
index d147f1b2c925..cd3914fc9f3d 100644
--- a/arch/x86/power/hibernate.c
+++ b/arch/x86/power/hibernate.c
@@ -98,7 +98,7 @@ static int get_e820_md5(struct e820_table *table, void *buf)
if (crypto_shash_digest(desc, (u8 *)table, size, buf))
ret = -EINVAL;
- kzfree(desc);
+ kfree_sensitive(desc);
free_tfm:
crypto_free_shash(tfm);
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index cf2b9f4103dd..b7824e214961 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -177,7 +177,7 @@ static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
keyp += NHPOLY1305_KEY_SIZE;
WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
out:
- kzfree(data);
+ kfree_sensitive(data);
return err;
}
diff --git a/crypto/ahash.c b/crypto/ahash.c
index 68a0f0cb75c4..d9d65d1cc669 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -183,7 +183,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
memcpy(alignbuffer, key, keylen);
ret = tfm->setkey(tfm, alignbuffer, keylen);
- kzfree(buffer);
+ kfree_sensitive(buffer);
return ret;
}
@@ -302,7 +302,7 @@ static void ahash_restore_req(struct ahash_request *req, int err)
req->priv = NULL;
/* Free the req->priv.priv from the ADJUSTED request. */
- kzfree(priv);
+ kfree_sensitive(priv);
}
static void ahash_notify_einprogress(struct ahash_request *req)
diff --git a/crypto/api.c b/crypto/api.c
index edcf690800d4..58f66ba09dac 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -565,7 +565,7 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
alg->cra_exit(tfm);
crypto_exit_ops(tfm);
crypto_mod_put(alg);
- kzfree(mem);
+ kfree_sensitive(mem);
}
EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
index cc9dbcecaaca..7553ab18db89 100644
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -376,7 +376,7 @@ static int pefile_digest_pe(const void *pebuf, unsigned int pelen,
}
error:
- kzfree(desc);
+ kfree_sensitive(desc);
error_no_desc:
crypto_free_shash(tfm);
kleave(" = %d", ret);
@@ -447,6 +447,6 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
ret = pefile_digest_pe(pebuf, pelen, &ctx);
error:
- kzfree(ctx.digest);
+ kfree_sensitive(ctx.digest);
return ret;
}
diff --git a/crypto/deflate.c b/crypto/deflate.c
index 4c0e6c9d942a..b2a46f6dc961 100644
--- a/crypto/deflate.c
+++ b/crypto/deflate.c
@@ -163,7 +163,7 @@ static void __deflate_exit(void *ctx)
static void deflate_free_ctx(struct crypto_scomp *tfm, void *ctx)
{
__deflate_exit(ctx);
- kzfree(ctx);
+ kfree_sensitive(ctx);
}
static void deflate_exit(struct crypto_tfm *tfm)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 37526eb8c5d5..23ce5b55f40b 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1218,19 +1218,19 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
{
if (!drbg)
return;
- kzfree(drbg->Vbuf);
+ kfree_sensitive(drbg->Vbuf);
drbg->Vbuf = NULL;
drbg->V = NULL;
- kzfree(drbg->Cbuf);
+ kfree_sensitive(drbg->Cbuf);
drbg->Cbuf = NULL;
drbg->C = NULL;
- kzfree(drbg->scratchpadbuf);
+ kfree_sensitive(drbg->scratchpadbuf);
drbg->scratchpadbuf = NULL;
drbg->reseed_ctr = 0;
drbg->d_ops = NULL;
drbg->core = NULL;
if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
- kzfree(drbg->prev);
+ kfree_sensitive(drbg->prev);
drbg->prev = NULL;
drbg->fips_primed = false;
}
@@ -1699,7 +1699,7 @@ static int drbg_fini_hash_kernel(struct drbg_state *drbg)
struct sdesc *sdesc = (struct sdesc *)drbg->priv_data;
if (sdesc) {
crypto_free_shash(sdesc->shash.tfm);
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
}
drbg->priv_data = NULL;
return 0;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 02d35be7702b..37540332c1f3 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -67,7 +67,7 @@ static u64 *ecc_alloc_digits_space(unsigned int ndigits)
static void ecc_free_digits_space(u64 *space)
{
- kzfree(space);
+ kfree_sensitive(space);
}
static struct ecc_point *ecc_alloc_point(unsigned int ndigits)
@@ -101,9 +101,9 @@ static void ecc_free_point(struct ecc_point *p)
if (!p)
return;
- kzfree(p->x);
- kzfree(p->y);
- kzfree(p);
+ kfree_sensitive(p->x);
+ kfree_sensitive(p->y);
+ kfree_sensitive(p);
}
static void vli_clear(u64 *vli, unsigned int ndigits)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index bd599053a8c4..b0232d6ab4ce 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -124,7 +124,7 @@ static int ecdh_compute_value(struct kpp_request *req)
/* fall through */
free_all:
- kzfree(shared_secret);
+ kfree_sensitive(shared_secret);
free_pubkey:
kfree(public_key);
return ret;
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 0103d28c541e..5c2fbb08be56 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -139,7 +139,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
CRYPTO_TFM_REQ_MASK);
err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128));
out:
- kzfree(data);
+ kfree_sensitive(data);
return err;
}
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
index a4b1c026aaee..a69ae3e6c16c 100644
--- a/crypto/gf128mul.c
+++ b/crypto/gf128mul.c
@@ -304,8 +304,8 @@ void gf128mul_free_64k(struct gf128mul_64k *t)
int i;
for (i = 0; i < 16; i++)
- kzfree(t->t[i]);
- kzfree(t);
+ kfree_sensitive(t->t[i]);
+ kfree_sensitive(t);
}
EXPORT_SYMBOL(gf128mul_free_64k);
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index b43684c0dade..eb7d1dd506bf 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -57,7 +57,7 @@ void *jent_zalloc(unsigned int len)
void jent_zfree(void *ptr)
{
- kzfree(ptr);
+ kfree_sensitive(ptr);
}
int jent_fips_enabled(void)
diff --git a/crypto/rng.c b/crypto/rng.c
index 1490d210f1a1..a888d84b524a 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -53,7 +53,7 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
crypto_stats_rng_seed(alg, err);
out:
- kzfree(buf);
+ kfree_sensitive(buf);
return err;
}
EXPORT_SYMBOL_GPL(crypto_rng_reset);
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index d31031de51bc..6c992eb5c72f 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -199,7 +199,7 @@ static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
sg_copy_from_buffer(req->dst,
sg_nents_for_len(req->dst, ctx->key_size),
out_buf, ctx->key_size);
- kzfree(out_buf);
+ kfree_sensitive(out_buf);
out:
req->dst_len = ctx->key_size;
@@ -322,7 +322,7 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
out_buf + pos, req->dst_len);
done:
- kzfree(req_ctx->out_buf);
+ kfree_sensitive(req_ctx->out_buf);
return err;
}
@@ -500,7 +500,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
req->dst_len) != 0)
err = -EKEYREJECTED;
done:
- kzfree(req_ctx->out_buf);
+ kfree_sensitive(req_ctx->out_buf);
return err;
}
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index f124b9b54e15..27b2387bc972 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -33,7 +33,7 @@ static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)
memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv));
out:
- kzfree(subreq->iv);
+ kfree_sensitive(subreq->iv);
}
static void seqiv_aead_encrypt_complete(struct crypto_async_request *base,
diff --git a/crypto/shash.c b/crypto/shash.c
index e6a4b5f39b8c..2e3433ad9762 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -44,7 +44,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
memcpy(alignbuffer, key, keylen);
err = shash->setkey(tfm, alignbuffer, keylen);
- kzfree(buffer);
+ kfree_sensitive(buffer);
return err;
}
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index 7221def7b9a7..1c4a0d2132c3 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -592,7 +592,7 @@ static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
memcpy(alignbuffer, key, keylen);
ret = cipher->setkey(tfm, alignbuffer, keylen);
- kzfree(buffer);
+ kfree_sensitive(buffer);
return ret;
}
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 6863f911fcee..23c27fc96394 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1744,7 +1744,7 @@ static int test_hash_vs_generic_impl(const char *driver,
kfree(vec.plaintext);
kfree(vec.digest);
crypto_free_shash(generic_tfm);
- kzfree(generic_desc);
+ kfree_sensitive(generic_desc);
return err;
}
#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
@@ -3665,7 +3665,7 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
if (IS_ERR(drng)) {
printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
"%s\n", driver);
- kzfree(buf);
+ kfree_sensitive(buf);
return -ENOMEM;
}
@@ -3712,7 +3712,7 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
outbuf:
crypto_free_rng(drng);
- kzfree(buf);
+ kfree_sensitive(buf);
return ret;
}
diff --git a/crypto/zstd.c b/crypto/zstd.c
index 5a3ff258d8f7..1a3309f066f7 100644
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@@ -137,7 +137,7 @@ static void __zstd_exit(void *ctx)
static void zstd_free_ctx(struct crypto_scomp *tfm, void *ctx)
{
__zstd_exit(ctx);
- kzfree(ctx);
+ kfree_sensitive(ctx);
}
static void zstd_exit(struct crypto_tfm *tfm)
diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
index a6abb701bfc6..999a357364d8 100644
--- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
+++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
@@ -257,7 +257,7 @@ static int sun8i_ce_cipher(struct skcipher_request *areq)
offset = areq->cryptlen - ivsize;
if (rctx->op_dir & CE_DECRYPTION) {
memcpy(areq->iv, backup_iv, ivsize);
- kzfree(backup_iv);
+ kfree_sensitive(backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
ivsize, 0);
diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
index c89cb2ee2496..a1d175589e18 100644
--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
+++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
@@ -250,7 +250,7 @@ static int sun8i_ss_cipher(struct skcipher_request *areq)
if (rctx->op_dir & SS_DECRYPTION) {
memcpy(areq->iv, backup_iv, ivsize);
memzero_explicit(backup_iv, ivsize);
- kzfree(backup_iv);
+ kfree_sensitive(backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
ivsize, 0);
diff --git a/drivers/crypto/amlogic/amlogic-gxl-cipher.c b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
index 9819dd50fbad..fd1269900d67 100644
--- a/drivers/crypto/amlogic/amlogic-gxl-cipher.c
+++ b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
@@ -254,8 +254,8 @@ static int meson_cipher(struct skcipher_request *areq)
}
}
theend:
- kzfree(bkeyiv);
- kzfree(backup_iv);
+ kfree_sensitive(bkeyiv);
+ kfree_sensitive(backup_iv);
return err;
}
diff --git a/drivers/crypto/atmel-ecc.c b/drivers/crypto/atmel-ecc.c
index ff02cc05affb..9bd8e5167be3 100644
--- a/drivers/crypto/atmel-ecc.c
+++ b/drivers/crypto/atmel-ecc.c
@@ -69,7 +69,7 @@ static void atmel_ecdh_done(struct atmel_i2c_work_data *work_data, void *areq,
/* fall through */
free_work_data:
- kzfree(work_data);
+ kfree_sensitive(work_data);
kpp_request_complete(req, status);
}
diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index 2e44d685618f..dd5f101e43f8 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -854,14 +854,14 @@ static int caam_rsa_dec(struct akcipher_request *req)
static void caam_rsa_free_key(struct caam_rsa_key *key)
{
- kzfree(key->d);
- kzfree(key->p);
- kzfree(key->q);
- kzfree(key->dp);
- kzfree(key->dq);
- kzfree(key->qinv);
- kzfree(key->tmp1);
- kzfree(key->tmp2);
+ kfree_sensitive(key->d);
+ kfree_sensitive(key->p);
+ kfree_sensitive(key->q);
+ kfree_sensitive(key->dp);
+ kfree_sensitive(key->dq);
+ kfree_sensitive(key->qinv);
+ kfree_sensitive(key->tmp1);
+ kfree_sensitive(key->tmp2);
kfree(key->e);
kfree(key->n);
memset(key, 0, sizeof(*key));
@@ -1018,17 +1018,17 @@ static void caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
return;
free_dq:
- kzfree(rsa_key->dq);
+ kfree_sensitive(rsa_key->dq);
free_dp:
- kzfree(rsa_key->dp);
+ kfree_sensitive(rsa_key->dp);
free_tmp2:
- kzfree(rsa_key->tmp2);
+ kfree_sensitive(rsa_key->tmp2);
free_tmp1:
- kzfree(rsa_key->tmp1);
+ kfree_sensitive(rsa_key->tmp1);
free_q:
- kzfree(rsa_key->q);
+ kfree_sensitive(rsa_key->q);
free_p:
- kzfree(rsa_key->p);
+ kfree_sensitive(rsa_key->p);
}
static int caam_rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
diff --git a/drivers/crypto/cavium/cpt/cptvf_main.c b/drivers/crypto/cavium/cpt/cptvf_main.c
index 0f72e9abdefe..a15245992cf9 100644
--- a/drivers/crypto/cavium/cpt/cptvf_main.c
+++ b/drivers/crypto/cavium/cpt/cptvf_main.c
@@ -74,7 +74,7 @@ static void cleanup_worker_threads(struct cpt_vf *cptvf)
for (i = 0; i < cptvf->nr_queues; i++)
tasklet_kill(&cwqe_info->vq_wqe[i].twork);
- kzfree(cwqe_info);
+ kfree_sensitive(cwqe_info);
cptvf->wqe_info = NULL;
}
@@ -88,7 +88,7 @@ static void free_pending_queues(struct pending_qinfo *pqinfo)
continue;
/* free single queue */
- kzfree((queue->head));
+ kfree_sensitive((queue->head));
queue->front = 0;
queue->rear = 0;
@@ -189,7 +189,7 @@ static void free_command_queues(struct cpt_vf *cptvf,
chunk->head = NULL;
chunk->dma_addr = 0;
hlist_del(&chunk->nextchunk);
- kzfree(chunk);
+ kfree_sensitive(chunk);
}
queue->nchunks = 0;
diff --git a/drivers/crypto/cavium/cpt/cptvf_reqmanager.c b/drivers/crypto/cavium/cpt/cptvf_reqmanager.c
index 7a24019356b5..472dbc2d7c5c 100644
--- a/drivers/crypto/cavium/cpt/cptvf_reqmanager.c
+++ b/drivers/crypto/cavium/cpt/cptvf_reqmanager.c
@@ -305,12 +305,12 @@ static void do_request_cleanup(struct cpt_vf *cptvf,
}
}
- kzfree(info->scatter_components);
- kzfree(info->gather_components);
- kzfree(info->out_buffer);
- kzfree(info->in_buffer);
- kzfree((void *)info->completion_addr);
- kzfree(info);
+ kfree_sensitive(info->scatter_components);
+ kfree_sensitive(info->gather_components);
+ kfree_sensitive(info->out_buffer);
+ kfree_sensitive(info->in_buffer);
+ kfree_sensitive((void *)info->completion_addr);
+ kfree_sensitive(info);
}
static void do_post_process(struct cpt_vf *cptvf, struct cpt_info_buffer *info)
diff --git a/drivers/crypto/cavium/nitrox/nitrox_lib.c b/drivers/crypto/cavium/nitrox/nitrox_lib.c
index 5cbc64b851b9..a5cdc2b48bd6 100644
--- a/drivers/crypto/cavium/nitrox/nitrox_lib.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_lib.c
@@ -90,7 +90,7 @@ static void nitrox_free_aqm_queues(struct nitrox_device *ndev)
for (i = 0; i < ndev->nr_queues; i++) {
nitrox_cmdq_cleanup(ndev->aqmq[i]);
- kzfree(ndev->aqmq[i]);
+ kfree_sensitive(ndev->aqmq[i]);
ndev->aqmq[i] = NULL;
}
}
@@ -122,7 +122,7 @@ static int nitrox_alloc_aqm_queues(struct nitrox_device *ndev)
err = nitrox_cmdq_init(cmdq, AQM_Q_ALIGN_BYTES);
if (err) {
- kzfree(cmdq);
+ kfree_sensitive(cmdq);
goto aqmq_fail;
}
ndev->aqmq[i] = cmdq;
diff --git a/drivers/crypto/cavium/zip/zip_crypto.c b/drivers/crypto/cavium/zip/zip_crypto.c
index 4985bc812b0e..7df71fcebe8f 100644
--- a/drivers/crypto/cavium/zip/zip_crypto.c
+++ b/drivers/crypto/cavium/zip/zip_crypto.c
@@ -260,7 +260,7 @@ void *zip_alloc_scomp_ctx_deflate(struct crypto_scomp *tfm)
ret = zip_ctx_init(zip_ctx, 0);
if (ret) {
- kzfree(zip_ctx);
+ kfree_sensitive(zip_ctx);
return ERR_PTR(ret);
}
@@ -279,7 +279,7 @@ void *zip_alloc_scomp_ctx_lzs(struct crypto_scomp *tfm)
ret = zip_ctx_init(zip_ctx, 1);
if (ret) {
- kzfree(zip_ctx);
+ kfree_sensitive(zip_ctx);
return ERR_PTR(ret);
}
@@ -291,7 +291,7 @@ void zip_free_scomp_ctx(struct crypto_scomp *tfm, void *ctx)
struct zip_kernel_ctx *zip_ctx = ctx;
zip_ctx_exit(zip_ctx);
- kzfree(zip_ctx);
+ kfree_sensitive(zip_ctx);
}
int zip_scomp_compress(struct crypto_scomp *tfm,
diff --git a/drivers/crypto/ccp/ccp-crypto-rsa.c b/drivers/crypto/ccp/ccp-crypto-rsa.c
index 649c91d60401..1223ac70aea2 100644
--- a/drivers/crypto/ccp/ccp-crypto-rsa.c
+++ b/drivers/crypto/ccp/ccp-crypto-rsa.c
@@ -112,13 +112,13 @@ static int ccp_check_key_length(unsigned int len)
static void ccp_rsa_free_key_bufs(struct ccp_ctx *ctx)
{
/* Clean up old key data */
- kzfree(ctx->u.rsa.e_buf);
+ kfree_sensitive(ctx->u.rsa.e_buf);
ctx->u.rsa.e_buf = NULL;
ctx->u.rsa.e_len = 0;
- kzfree(ctx->u.rsa.n_buf);
+ kfree_sensitive(ctx->u.rsa.n_buf);
ctx->u.rsa.n_buf = NULL;
ctx->u.rsa.n_len = 0;
- kzfree(ctx->u.rsa.d_buf);
+ kfree_sensitive(ctx->u.rsa.d_buf);
ctx->u.rsa.d_buf = NULL;
ctx->u.rsa.d_len = 0;
}
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index 1cf51edbc4b9..35794c7271fb 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -448,7 +448,7 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey,
if (dma_mapping_error(dev, key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
key, keylen);
- kzfree(key);
+ kfree_sensitive(key);
return -ENOMEM;
}
if (keylen > blocksize) {
@@ -533,7 +533,7 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey,
if (key_dma_addr)
dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE);
- kzfree(key);
+ kfree_sensitive(key);
return rc;
}
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index b2bd093e7013..a5e041d9d2cf 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -488,7 +488,7 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
if (areq_ctx->gen_ctx.iv_dma_addr) {
dma_unmap_single(dev, areq_ctx->gen_ctx.iv_dma_addr,
hw_iv_size, DMA_BIDIRECTIONAL);
- kzfree(areq_ctx->gen_ctx.iv);
+ kfree_sensitive(areq_ctx->gen_ctx.iv);
}
/* Release pool */
@@ -559,7 +559,7 @@ static int cc_aead_chain_iv(struct cc_drvdata *drvdata,
if (dma_mapping_error(dev, areq_ctx->gen_ctx.iv_dma_addr)) {
dev_err(dev, "Mapping iv %u B at va=%pK for DMA failed\n",
hw_iv_size, req->iv);
- kzfree(areq_ctx->gen_ctx.iv);
+ kfree_sensitive(areq_ctx->gen_ctx.iv);
areq_ctx->gen_ctx.iv = NULL;
rc = -ENOMEM;
goto chain_iv_exit;
diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
index 872ea3ff1c6b..110456e06c5e 100644
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -229,7 +229,7 @@ static void cc_cipher_exit(struct crypto_tfm *tfm)
&ctx_p->user.key_dma_addr);
/* Free key buffer in context */
- kzfree(ctx_p->user.key);
+ kfree_sensitive(ctx_p->user.key);
dev_dbg(dev, "Free key buffer in context. key=@%p\n", ctx_p->user.key);
}
@@ -825,7 +825,7 @@ static void cc_cipher_complete(struct device *dev, void *cc_req, int err)
/* Not a BACKLOG notification */
cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst);
memcpy(req->iv, req_ctx->iv, ivsize);
- kzfree(req_ctx->iv);
+ kfree_sensitive(req_ctx->iv);
}
skcipher_request_complete(req, err);
@@ -927,7 +927,7 @@ static int cc_cipher_process(struct skcipher_request *req,
exit_process:
if (rc != -EINPROGRESS && rc != -EBUSY) {
- kzfree(req_ctx->iv);
+ kfree_sensitive(req_ctx->iv);
}
return rc;
diff --git a/drivers/crypto/ccree/cc_hash.c b/drivers/crypto/ccree/cc_hash.c
index d5310783af15..683c9a430e11 100644
--- a/drivers/crypto/ccree/cc_hash.c
+++ b/drivers/crypto/ccree/cc_hash.c
@@ -764,7 +764,7 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key,
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
ctx->key_params.key, keylen);
- kzfree(ctx->key_params.key);
+ kfree_sensitive(ctx->key_params.key);
return -ENOMEM;
}
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -913,7 +913,7 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key,
&ctx->key_params.key_dma_addr, ctx->key_params.keylen);
}
- kzfree(ctx->key_params.key);
+ kfree_sensitive(ctx->key_params.key);
return rc;
}
@@ -950,7 +950,7 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash,
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
key, keylen);
- kzfree(ctx->key_params.key);
+ kfree_sensitive(ctx->key_params.key);
return -ENOMEM;
}
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -999,7 +999,7 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash,
dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
&ctx->key_params.key_dma_addr, ctx->key_params.keylen);
- kzfree(ctx->key_params.key);
+ kfree_sensitive(ctx->key_params.key);
return rc;
}
diff --git a/drivers/crypto/ccree/cc_request_mgr.c b/drivers/crypto/ccree/cc_request_mgr.c
index 1d7649ecf44e..33fb27745d52 100644
--- a/drivers/crypto/ccree/cc_request_mgr.c
+++ b/drivers/crypto/ccree/cc_request_mgr.c
@@ -107,7 +107,7 @@ void cc_req_mgr_fini(struct cc_drvdata *drvdata)
/* Kill tasklet */
tasklet_kill(&req_mgr_h->comptask);
#endif
- kzfree(req_mgr_h);
+ kfree_sensitive(req_mgr_h);
drvdata->request_mgr_handle = NULL;
}
diff --git a/drivers/crypto/marvell/cesa/hash.c b/drivers/crypto/marvell/cesa/hash.c
index b971284332b6..2fdd3d55ed08 100644
--- a/drivers/crypto/marvell/cesa/hash.c
+++ b/drivers/crypto/marvell/cesa/hash.c
@@ -1154,7 +1154,7 @@ static int mv_cesa_ahmac_pad_init(struct ahash_request *req,
}
/* Set the memory region to 0 to avoid any leak. */
- kzfree(keydup);
+ kfree_sensitive(keydup);
if (ret)
return ret;
diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_main.c b/drivers/crypto/marvell/octeontx/otx_cptvf_main.c
index ce3168327a39..228fe8e47e0e 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptvf_main.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptvf_main.c
@@ -68,7 +68,7 @@ static void cleanup_worker_threads(struct otx_cptvf *cptvf)
for (i = 0; i < cptvf->num_queues; i++)
tasklet_kill(&cwqe_info->vq_wqe[i].twork);
- kzfree(cwqe_info);
+ kfree_sensitive(cwqe_info);
cptvf->wqe_info = NULL;
}
@@ -82,7 +82,7 @@ static void free_pending_queues(struct otx_cpt_pending_qinfo *pqinfo)
continue;
/* free single queue */
- kzfree((queue->head));
+ kfree_sensitive((queue->head));
queue->front = 0;
queue->rear = 0;
queue->qlen = 0;
@@ -176,7 +176,7 @@ static void free_command_queues(struct otx_cptvf *cptvf,
chunk->head = NULL;
chunk->dma_addr = 0;
list_del(&chunk->nextchunk);
- kzfree(chunk);
+ kfree_sensitive(chunk);
}
queue->num_chunks = 0;
queue->idx = 0;
diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h b/drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h
index a4c9ff730b13..cfaaf8e2f9c2 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h
+++ b/drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.h
@@ -215,7 +215,7 @@ static inline void do_request_cleanup(struct pci_dev *pdev,
DMA_BIDIRECTIONAL);
}
}
- kzfree(info);
+ kfree_sensitive(info);
}
struct otx_cptvf_wqe;
diff --git a/drivers/crypto/mediatek/mtk-aes.c b/drivers/crypto/mediatek/mtk-aes.c
index 78d660d963e2..5c71f85da7e2 100644
--- a/drivers/crypto/mediatek/mtk-aes.c
+++ b/drivers/crypto/mediatek/mtk-aes.c
@@ -1057,7 +1057,7 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key,
mtk_aes_write_state_be(ctx->key + ctx->keylen, data->hash,
AES_BLOCK_SIZE);
out:
- kzfree(data);
+ kfree_sensitive(data);
return err;
}
diff --git a/drivers/crypto/nx/nx.c b/drivers/crypto/nx/nx.c
index f03c238f5a31..40882d6d52c1 100644
--- a/drivers/crypto/nx/nx.c
+++ b/drivers/crypto/nx/nx.c
@@ -746,7 +746,7 @@ void nx_crypto_ctx_exit(struct crypto_tfm *tfm)
{
struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(tfm);
- kzfree(nx_ctx->kmem);
+ kfree_sensitive(nx_ctx->kmem);
nx_ctx->csbcpb = NULL;
nx_ctx->csbcpb_aead = NULL;
nx_ctx->in_sg = NULL;
@@ -762,7 +762,7 @@ void nx_crypto_ctx_aead_exit(struct crypto_aead *tfm)
{
struct nx_crypto_ctx *nx_ctx = crypto_aead_ctx(tfm);
- kzfree(nx_ctx->kmem);
+ kfree_sensitive(nx_ctx->kmem);
}
static int nx_probe(struct vio_dev *viodev, const struct vio_device_id *id)
diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c
index cb8a6ea2a4bc..930fc802d399 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -167,7 +167,7 @@ static int virtio_crypto_alg_skcipher_init_session(
num_in, vcrypto, GFP_ATOMIC);
if (err < 0) {
spin_unlock(&vcrypto->ctrl_lock);
- kzfree(cipher_key);
+ kfree_sensitive(cipher_key);
return err;
}
virtqueue_kick(vcrypto->ctrl_vq);
@@ -184,7 +184,7 @@ static int virtio_crypto_alg_skcipher_init_session(
spin_unlock(&vcrypto->ctrl_lock);
pr_err("virtio_crypto: Create session failed status: %u\n",
le32_to_cpu(vcrypto->input.status));
- kzfree(cipher_key);
+ kfree_sensitive(cipher_key);
return -EINVAL;
}
@@ -197,7 +197,7 @@ static int virtio_crypto_alg_skcipher_init_session(
spin_unlock(&vcrypto->ctrl_lock);
- kzfree(cipher_key);
+ kfree_sensitive(cipher_key);
return 0;
}
@@ -472,9 +472,9 @@ __virtio_crypto_skcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req,
return 0;
free_iv:
- kzfree(iv);
+ kfree_sensitive(iv);
free:
- kzfree(req_data);
+ kfree_sensitive(req_data);
kfree(sgs);
return err;
}
@@ -583,7 +583,7 @@ static void virtio_crypto_skcipher_finalize_req(
scatterwalk_map_and_copy(req->iv, req->dst,
req->cryptlen - AES_BLOCK_SIZE,
AES_BLOCK_SIZE, 0);
- kzfree(vc_sym_req->iv);
+ kfree_sensitive(vc_sym_req->iv);
virtcrypto_clear_request(&vc_sym_req->base);
crypto_finalize_skcipher_request(vc_sym_req->base.dataq->engine,
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c
index c8a962c62663..ba8a19c72391 100644
--- a/drivers/crypto/virtio/virtio_crypto_core.c
+++ b/drivers/crypto/virtio/virtio_crypto_core.c
@@ -17,7 +17,7 @@ void
virtcrypto_clear_request(struct virtio_crypto_request *vc_req)
{
if (vc_req) {
- kzfree(vc_req->req_data);
+ kfree_sensitive(vc_req->req_data);
kfree(vc_req->sgs);
}
}
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 000ddfab5ba0..5799df0c6643 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -407,7 +407,7 @@ static void crypt_iv_lmk_dtr(struct crypt_config *cc)
crypto_free_shash(lmk->hash_tfm);
lmk->hash_tfm = NULL;
- kzfree(lmk->seed);
+ kfree_sensitive(lmk->seed);
lmk->seed = NULL;
}
@@ -558,9 +558,9 @@ static void crypt_iv_tcw_dtr(struct crypt_config *cc)
{
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
- kzfree(tcw->iv_seed);
+ kfree_sensitive(tcw->iv_seed);
tcw->iv_seed = NULL;
- kzfree(tcw->whitening);
+ kfree_sensitive(tcw->whitening);
tcw->whitening = NULL;
if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm))
@@ -994,8 +994,8 @@ static int crypt_iv_elephant(struct crypt_config *cc, struct dm_crypt_request *d
kunmap_atomic(data);
out:
- kzfree(ks);
- kzfree(es);
+ kfree_sensitive(ks);
+ kfree_sensitive(es);
skcipher_request_free(req);
return r;
}
@@ -2294,7 +2294,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
key = request_key(type, key_desc + 1, NULL);
if (IS_ERR(key)) {
- kzfree(new_key_string);
+ kfree_sensitive(new_key_string);
return PTR_ERR(key);
}
@@ -2304,7 +2304,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (ret < 0) {
up_read(&key->sem);
key_put(key);
- kzfree(new_key_string);
+ kfree_sensitive(new_key_string);
return ret;
}
@@ -2318,10 +2318,10 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (!ret) {
set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
- kzfree(cc->key_string);
+ kfree_sensitive(cc->key_string);
cc->key_string = new_key_string;
} else
- kzfree(new_key_string);
+ kfree_sensitive(new_key_string);
return ret;
}
@@ -2382,7 +2382,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
/* wipe references to any kernel keyring key */
- kzfree(cc->key_string);
+ kfree_sensitive(cc->key_string);
cc->key_string = NULL;
/* Decode key from its hex representation. */
@@ -2414,7 +2414,7 @@ static int crypt_wipe_key(struct crypt_config *cc)
return r;
}
- kzfree(cc->key_string);
+ kfree_sensitive(cc->key_string);
cc->key_string = NULL;
r = crypt_setkey(cc);
memset(&cc->key, 0, cc->key_size * sizeof(u8));
@@ -2493,15 +2493,15 @@ static void crypt_dtr(struct dm_target *ti)
if (cc->dev)
dm_put_device(ti, cc->dev);
- kzfree(cc->cipher_string);
- kzfree(cc->key_string);
- kzfree(cc->cipher_auth);
- kzfree(cc->authenc_key);
+ kfree_sensitive(cc->cipher_string);
+ kfree_sensitive(cc->key_string);
+ kfree_sensitive(cc->cipher_auth);
+ kfree_sensitive(cc->authenc_key);
mutex_destroy(&cc->bio_alloc_lock);
/* Must zero key material before freeing */
- kzfree(cc);
+ kfree_sensitive(cc);
spin_lock(&dm_crypt_clients_lock);
WARN_ON(!dm_crypt_clients_n);
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 81dc5ff08909..cb4a3c569802 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -3405,8 +3405,8 @@ static struct scatterlist **dm_integrity_alloc_journal_scatterlist(struct dm_int
static void free_alg(struct alg_spec *a)
{
- kzfree(a->alg_string);
- kzfree(a->key);
+ kfree_sensitive(a->alg_string);
+ kfree_sensitive(a->key);
memset(a, 0, sizeof *a);
}
@@ -4337,7 +4337,7 @@ static void dm_integrity_dtr(struct dm_target *ti)
for (i = 0; i < ic->journal_sections; i++) {
struct skcipher_request *req = ic->sk_requests[i];
if (req) {
- kzfree(req->iv);
+ kfree_sensitive(req->iv);
skcipher_request_free(req);
}
}
diff --git a/drivers/misc/ibmvmc.c b/drivers/misc/ibmvmc.c
index 2ed23c99f59f..beda69075a97 100644
--- a/drivers/misc/ibmvmc.c
+++ b/drivers/misc/ibmvmc.c
@@ -286,7 +286,7 @@ static void *alloc_dma_buffer(struct vio_dev *vdev, size_t size,
if (dma_mapping_error(&vdev->dev, *dma_handle)) {
*dma_handle = 0;
- kzfree(buffer);
+ kfree_sensitive(buffer);
return NULL;
}
@@ -310,7 +310,7 @@ static void free_dma_buffer(struct vio_dev *vdev, size_t size, void *vaddr,
dma_unmap_single(&vdev->dev, dma_handle, size, DMA_BIDIRECTIONAL);
/* deallocate memory */
- kzfree(vaddr);
+ kfree_sensitive(vaddr);
}
/**
@@ -883,7 +883,7 @@ static int ibmvmc_close(struct inode *inode, struct file *file)
spin_unlock_irqrestore(&hmc->lock, flags);
}
- kzfree(session);
+ kfree_sensitive(session);
return rc;
}
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c
index 0874ae47cb03..3ab6db2588d3 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c
@@ -137,7 +137,7 @@ static void hclge_free_vector_ring_chain(struct hnae3_ring_chain_node *head)
while (chain) {
chain_tmp = chain->next;
- kzfree(chain);
+ kfree_sensitive(chain);
chain = chain_tmp;
}
}
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 113f6087c7c9..e567f4ab8a79 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -960,9 +960,9 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
return 0;
err_aead:
- kzfree(xs->aead);
+ kfree_sensitive(xs->aead);
err_xs:
- kzfree(xs);
+ kfree_sensitive(xs);
err_out:
msgbuf[1] = err;
return err;
@@ -1047,7 +1047,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
ixgbe_ipsec_del_sa(xs);
/* remove the xs that was made-up in the add request */
- kzfree(xs);
+ kfree_sensitive(xs);
return 0;
}
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
index de3b57d09d0c..208f6e24f37c 100644
--- a/drivers/net/ppp/ppp_mppe.c
+++ b/drivers/net/ppp/ppp_mppe.c
@@ -222,7 +222,7 @@ static void *mppe_alloc(unsigned char *options, int optlen)
kfree(state->sha1_digest);
if (state->sha1) {
crypto_free_shash(state->sha1->tfm);
- kzfree(state->sha1);
+ kfree_sensitive(state->sha1);
}
kfree(state);
out:
@@ -238,8 +238,8 @@ static void mppe_free(void *arg)
if (state) {
kfree(state->sha1_digest);
crypto_free_shash(state->sha1->tfm);
- kzfree(state->sha1);
- kzfree(state);
+ kfree_sensitive(state->sha1);
+ kfree_sensitive(state);
}
}
diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c
index 626433690abb..4687e3d35d55 100644
--- a/drivers/net/wireguard/noise.c
+++ b/drivers/net/wireguard/noise.c
@@ -114,7 +114,7 @@ static struct noise_keypair *keypair_create(struct wg_peer *peer)
static void keypair_free_rcu(struct rcu_head *rcu)
{
- kzfree(container_of(rcu, struct noise_keypair, rcu));
+ kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
}
static void keypair_free_kref(struct kref *kref)
@@ -821,7 +821,7 @@ bool wg_noise_handshake_begin_session(struct noise_handshake *handshake,
handshake->entry.peer->device->index_hashtable,
&handshake->entry, &new_keypair->entry);
} else {
- kzfree(new_keypair);
+ kfree_sensitive(new_keypair);
}
rcu_read_unlock_bh();
diff --git a/drivers/net/wireguard/peer.c b/drivers/net/wireguard/peer.c
index 1d634bd3038f..b3b6370e6b95 100644
--- a/drivers/net/wireguard/peer.c
+++ b/drivers/net/wireguard/peer.c
@@ -203,7 +203,7 @@ static void rcu_release(struct rcu_head *rcu)
/* The final zeroing takes care of clearing any remaining handshake key
* material and other potentially sensitive information.
*/
- kzfree(peer);
+ kfree_sensitive(peer);
}
static void kref_release(struct kref *refcount)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
index 24cb1b1f21f0..9463c108aa96 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1369,7 +1369,7 @@ static void iwl_pcie_rx_handle_rb(struct iwl_trans *trans,
&rxcb, rxq->id);
if (reclaim) {
- kzfree(txq->entries[cmd_index].free_buf);
+ kfree_sensitive(txq->entries[cmd_index].free_buf);
txq->entries[cmd_index].free_buf = NULL;
}
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
index 7fc7542535d8..606bef2ecc7b 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
@@ -1026,7 +1026,7 @@ static int iwl_pcie_gen2_enqueue_hcmd(struct iwl_trans *trans,
BUILD_BUG_ON(IWL_TFH_NUM_TBS > sizeof(out_meta->tbs) * BITS_PER_BYTE);
out_meta->flags = cmd->flags;
if (WARN_ON_ONCE(txq->entries[idx].free_buf))
- kzfree(txq->entries[idx].free_buf);
+ kfree_sensitive(txq->entries[idx].free_buf);
txq->entries[idx].free_buf = dup_buf;
trace_iwlwifi_dev_hcmd(trans->dev, cmd, cmd_size, &out_cmd->hdr_wide);
@@ -1257,8 +1257,8 @@ static void iwl_pcie_gen2_txq_free(struct iwl_trans *trans, int txq_id)
/* De-alloc array of command/tx buffers */
if (txq_id == trans->txqs.cmd.q_id)
for (i = 0; i < txq->n_window; i++) {
- kzfree(txq->entries[i].cmd);
- kzfree(txq->entries[i].free_buf);
+ kfree_sensitive(txq->entries[i].cmd);
+ kfree_sensitive(txq->entries[i].free_buf);
}
del_timer_sync(&txq->stuck_timer);
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
index 5c6c3fa0d29f..eb396c06b7fb 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
@@ -721,8 +721,8 @@ static void iwl_pcie_txq_free(struct iwl_trans *trans, int txq_id)
/* De-alloc array of command/tx buffers */
if (txq_id == trans->txqs.cmd.q_id)
for (i = 0; i < txq->n_window; i++) {
- kzfree(txq->entries[i].cmd);
- kzfree(txq->entries[i].free_buf);
+ kfree_sensitive(txq->entries[i].cmd);
+ kfree_sensitive(txq->entries[i].free_buf);
}
/* De-alloc circular buffer of TFDs */
@@ -1765,7 +1765,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
BUILD_BUG_ON(IWL_TFH_NUM_TBS > sizeof(out_meta->tbs) * BITS_PER_BYTE);
out_meta->flags = cmd->flags;
if (WARN_ON_ONCE(txq->entries[idx].free_buf))
- kzfree(txq->entries[idx].free_buf);
+ kfree_sensitive(txq->entries[idx].free_buf);
txq->entries[idx].free_buf = dup_buf;
trace_iwlwifi_dev_hcmd(trans->dev, cmd, cmd_size, &out_cmd->hdr_wide);
diff --git a/drivers/net/wireless/intersil/orinoco/wext.c b/drivers/net/wireless/intersil/orinoco/wext.c
index 1d4dae422106..7b6c4ae8ddb3 100644
--- a/drivers/net/wireless/intersil/orinoco/wext.c
+++ b/drivers/net/wireless/intersil/orinoco/wext.c
@@ -31,8 +31,8 @@ static int orinoco_set_key(struct orinoco_private *priv, int index,
enum orinoco_alg alg, const u8 *key, int key_len,
const u8 *seq, int seq_len)
{
- kzfree(priv->keys[index].key);
- kzfree(priv->keys[index].seq);
+ kfree_sensitive(priv->keys[index].key);
+ kfree_sensitive(priv->keys[index].seq);
if (key_len) {
priv->keys[index].key = kzalloc(key_len, GFP_ATOMIC);
diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h
index 053cc34d2ca2..823de10479bd 100644
--- a/drivers/s390/crypto/ap_bus.h
+++ b/drivers/s390/crypto/ap_bus.h
@@ -218,8 +218,8 @@ static inline void ap_init_message(struct ap_message *ap_msg)
*/
static inline void ap_release_message(struct ap_message *ap_msg)
{
- kzfree(ap_msg->message);
- kzfree(ap_msg->private);
+ kfree_sensitive(ap_msg->message);
+ kfree_sensitive(ap_msg->private);
}
/*
diff --git a/drivers/staging/ks7010/ks_hostif.c b/drivers/staging/ks7010/ks_hostif.c
index 2666f9e30c15..d70b671b06aa 100644
--- a/drivers/staging/ks7010/ks_hostif.c
+++ b/drivers/staging/ks7010/ks_hostif.c
@@ -246,7 +246,7 @@ michael_mic(u8 *key, u8 *data, unsigned int len, u8 priority, u8 *result)
ret = crypto_shash_finup(desc, data + 12, len - 12, result);
err_free_desc:
- kzfree(desc);
+ kfree_sensitive(desc);
err_free_tfm:
crypto_free_shash(tfm);
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 0f95009a30b6..ec9122070e58 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -2251,7 +2251,7 @@ static void gf_mulx(u8 *pad)
static void aes_encrypt_deinit(void *ctx)
{
- kzfree(ctx);
+ kfree_sensitive(ctx);
}
diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
index b809c0015c0c..7b091c5a2984 100644
--- a/drivers/staging/wlan-ng/p80211netdev.c
+++ b/drivers/staging/wlan-ng/p80211netdev.c
@@ -429,7 +429,7 @@ static netdev_tx_t p80211knetdev_hard_start_xmit(struct sk_buff *skb,
failed:
/* Free up the WEP buffer if it's not the same as the skb */
if ((p80211_wep.data) && (p80211_wep.data != skb->data))
- kzfree(p80211_wep.data);
+ kfree_sensitive(p80211_wep.data);
/* we always free the skb here, never in a lower level. */
if (!result)
diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 0e54627d9aa8..62d912b79c61 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -484,7 +484,7 @@ static int chap_server_compute_hash(
pr_debug("[server] Sending CHAP_R=0x%s\n", response);
auth_ret = 0;
out:
- kzfree(desc);
+ kfree_sensitive(desc);
if (tfm)
crypto_free_shash(tfm);
kfree(initiatorchg);
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 874a551f339c..9daa256f69d4 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -797,7 +797,7 @@ calc_seckey(struct cifs_ses *ses)
ses->auth_key.len = CIFS_SESS_KEY_SIZE;
memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE);
- kzfree(ctx_arc4);
+ kfree_sensitive(ctx_arc4);
return 0;
}
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 5fac34f192af..467db43d1e34 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2182,7 +2182,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
tmp_end++;
if (!(tmp_end < end && tmp_end[1] == delim)) {
/* No it is not. Set the password to NULL */
- kzfree(vol->password);
+ kfree_sensitive(vol->password);
vol->password = NULL;
break;
}
@@ -2220,7 +2220,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
options = end;
}
- kzfree(vol->password);
+ kfree_sensitive(vol->password);
/* Now build new password string */
temp_len = strlen(value);
vol->password = kzalloc(temp_len+1, GFP_KERNEL);
@@ -3198,7 +3198,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
rc = -ENOMEM;
kfree(vol->username);
vol->username = NULL;
- kzfree(vol->password);
+ kfree_sensitive(vol->password);
vol->password = NULL;
goto out_key_put;
}
@@ -4219,7 +4219,7 @@ void
cifs_cleanup_volume_info_contents(struct smb_vol *volume_info)
{
kfree(volume_info->username);
- kzfree(volume_info->password);
+ kfree_sensitive(volume_info->password);
kfree(volume_info->UNC);
kfree(volume_info->domainname);
kfree(volume_info->iocharset);
@@ -5343,7 +5343,7 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
out:
kfree(vol_info->username);
- kzfree(vol_info->password);
+ kfree_sensitive(vol_info->password);
kfree(vol_info);
return tcon;
diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
index df81c718d2fa..7a8d41493aad 100644
--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -1131,7 +1131,7 @@ static int dup_vol(struct smb_vol *vol, struct smb_vol *new)
err_free_unc:
kfree(new->UNC);
err_free_password:
- kzfree(new->password);
+ kfree_sensitive(new->password);
err_free_username:
kfree(new->username);
kfree(new);
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 56791a692c8b..2393e8aec5c6 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -103,12 +103,12 @@ sesInfoFree(struct cifs_ses *buf_to_free)
kfree(buf_to_free->serverOS);
kfree(buf_to_free->serverDomain);
kfree(buf_to_free->serverNOS);
- kzfree(buf_to_free->password);
+ kfree_sensitive(buf_to_free->password);
kfree(buf_to_free->user_name);
kfree(buf_to_free->domainName);
- kzfree(buf_to_free->auth_key.response);
+ kfree_sensitive(buf_to_free->auth_key.response);
kfree(buf_to_free->iface_list);
- kzfree(buf_to_free);
+ kfree_sensitive(buf_to_free);
}
struct cifs_tcon *
@@ -148,7 +148,7 @@ tconInfoFree(struct cifs_tcon *buf_to_free)
}
atomic_dec(&tconInfoAllocCount);
kfree(buf_to_free->nativeFileSystem);
- kzfree(buf_to_free->password);
+ kfree_sensitive(buf_to_free->password);
kfree(buf_to_free->crfid.fid);
#ifdef CONFIG_CIFS_DFS_UPCALL
kfree(buf_to_free->dfs_path);
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index e24eb48bfbe1..484086feea35 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -51,7 +51,7 @@ static void free_master_key(struct fscrypt_master_key *mk)
}
key_put(mk->mk_users);
- kzfree(mk);
+ kfree_sensitive(mk);
}
static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
@@ -522,7 +522,7 @@ static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep)
static void fscrypt_provisioning_key_free_preparse(
struct key_preparsed_payload *prep)
{
- kzfree(prep->payload.data[0]);
+ kfree_sensitive(prep->payload.data[0]);
}
static void fscrypt_provisioning_key_describe(const struct key *key,
@@ -539,7 +539,7 @@ static void fscrypt_provisioning_key_describe(const struct key *key,
static void fscrypt_provisioning_key_destroy(struct key *key)
{
- kzfree(key->payload.data[0]);
+ kfree_sensitive(key->payload.data[0]);
}
static struct key_type key_type_fscrypt_provisioning = {
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 801b48c0cd7f..c8a930f8faf2 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -155,7 +155,7 @@ static void free_direct_key(struct fscrypt_direct_key *dk)
{
if (dk) {
crypto_free_skcipher(dk->dk_ctfm);
- kzfree(dk);
+ kfree_sensitive(dk);
}
}
@@ -285,7 +285,7 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci,
err = fscrypt_set_per_file_enc_key(ci, derived_key);
out:
- kzfree(derived_key);
+ kfree_sensitive(derived_key);
return err;
}
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index af3eb02bbca1..f6a17d259db7 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -838,7 +838,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
out_release_free_unlock:
crypto_free_shash(s->hash_tfm);
out_free_unlock:
- kzfree(s->block_aligned_filename);
+ kfree_sensitive(s->block_aligned_filename);
out_unlock:
mutex_unlock(s->tfm_mutex);
out:
@@ -847,7 +847,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
key_put(auth_tok_key);
}
skcipher_request_free(s->skcipher_req);
- kzfree(s->hash_desc);
+ kfree_sensitive(s->hash_desc);
kfree(s);
return rc;
}
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index 8646ba76def3..c0dfd9647627 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -175,7 +175,7 @@ int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon)
}
hlist_del(&daemon->euid_chain);
mutex_unlock(&daemon->mux);
- kzfree(daemon);
+ kfree_sensitive(daemon);
out:
return rc;
}
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 62c68550aab6..c32a6f5664e9 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -425,7 +425,7 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
*/
static inline void aead_request_free(struct aead_request *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
/**
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 6924b091adec..1d3aa252caba 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -207,7 +207,7 @@ static inline struct akcipher_request *akcipher_request_alloc(
*/
static inline void akcipher_request_free(struct akcipher_request *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
/**
diff --git a/include/crypto/gf128mul.h b/include/crypto/gf128mul.h
index fa0a63d298dc..81330c6446f6 100644
--- a/include/crypto/gf128mul.h
+++ b/include/crypto/gf128mul.h
@@ -230,7 +230,7 @@ void gf128mul_4k_bbe(be128 *a, const struct gf128mul_4k *t);
void gf128mul_x8_ble(le128 *r, const le128 *x);
static inline void gf128mul_free_4k(struct gf128mul_4k *t)
{
- kzfree(t);
+ kfree_sensitive(t);
}
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 4829d2367eda..8d036b54cbff 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -606,7 +606,7 @@ static inline struct ahash_request *ahash_request_alloc(
*/
static inline void ahash_request_free(struct ahash_request *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
static inline void ahash_request_zero(struct ahash_request *req)
diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h
index cf478681b53e..cfc47e18820f 100644
--- a/include/crypto/internal/acompress.h
+++ b/include/crypto/internal/acompress.h
@@ -46,7 +46,7 @@ static inline struct acomp_req *__acomp_request_alloc(struct crypto_acomp *tfm)
static inline void __acomp_request_free(struct acomp_req *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
/**
diff --git a/include/crypto/kpp.h b/include/crypto/kpp.h
index cd9a9b500624..88b591215d5c 100644
--- a/include/crypto/kpp.h
+++ b/include/crypto/kpp.h
@@ -187,7 +187,7 @@ static inline struct kpp_request *kpp_request_alloc(struct crypto_kpp *tfm,
*/
static inline void kpp_request_free(struct kpp_request *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
/**
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 141e7690f9c3..1013c9cbae69 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -508,7 +508,7 @@ static inline struct skcipher_request *skcipher_request_alloc(
*/
static inline void skcipher_request_free(struct skcipher_request *req)
{
- kzfree(req);
+ kfree_sensitive(req);
}
static inline void skcipher_request_zero(struct skcipher_request *req)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 6d454886bcaf..0884d82c55ee 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -186,10 +186,12 @@ void memcg_deactivate_kmem_caches(struct mem_cgroup *, struct mem_cgroup *);
*/
void * __must_check krealloc(const void *, size_t, gfp_t);
void kfree(const void *);
-void kzfree(const void *);
+void kfree_sensitive(const void *);
size_t __ksize(const void *);
size_t ksize(const void *);
+#define kzfree(x) kfree_sensitive(x) /* For backward compatibility */
+
#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR
void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
bool to_user);
diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c
index 20ed0f766787..4cd2b335cb7f 100644
--- a/lib/mpi/mpiutil.c
+++ b/lib/mpi/mpiutil.c
@@ -69,7 +69,7 @@ void mpi_free_limb_space(mpi_ptr_t a)
if (!a)
return;
- kzfree(a);
+ kfree_sensitive(a);
}
void mpi_assign_limb_space(MPI a, mpi_ptr_t ap, unsigned nlimbs)
@@ -95,7 +95,7 @@ int mpi_resize(MPI a, unsigned nlimbs)
if (!p)
return -ENOMEM;
memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t));
- kzfree(a->d);
+ kfree_sensitive(a->d);
a->d = p;
} else {
a->d = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
@@ -112,7 +112,7 @@ void mpi_free(MPI a)
return;
if (a->flags & 4)
- kzfree(a->d);
+ kfree_sensitive(a->d);
else
mpi_free_limb_space(a->d);
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index dc2c6a51d11a..e4d9a86b174b 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -766,15 +766,15 @@ static noinline void __init kmalloc_double_kzfree(void)
char *ptr;
size_t size = 16;
- pr_info("double-free (kzfree)\n");
+ pr_info("double-free (kfree_sensitive)\n");
ptr = kmalloc(size, GFP_KERNEL);
if (!ptr) {
pr_err("Allocation failed\n");
return;
}
- kzfree(ptr);
- kzfree(ptr);
+ kfree_sensitive(ptr);
+ kfree_sensitive(ptr);
}
#ifdef CONFIG_KASAN_VMALLOC
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 37d48a56431d..aeedf241e2e6 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -1708,17 +1708,17 @@ void *krealloc(const void *p, size_t new_size, gfp_t flags)
EXPORT_SYMBOL(krealloc);
/**
- * kzfree - like kfree but zero memory
+ * kfree_sensitive - Clear sensitive information in memory before freeing
* @p: object to free memory of
*
* The memory of the object @p points to is zeroed before freed.
- * If @p is %NULL, kzfree() does nothing.
+ * If @p is %NULL, kfree_sensitive() does nothing.
*
* Note: this function zeroes the whole allocated buffer which can be a good
* deal bigger than the requested buffer size passed to kmalloc(). So be
* careful when using this function in performance sensitive code.
*/
-void kzfree(const void *p)
+void kfree_sensitive(const void *p)
{
size_t ks;
void *mem = (void *)p;
@@ -1729,7 +1729,7 @@ void kzfree(const void *p)
memzero_explicit(mem, ks);
kfree(mem);
}
-EXPORT_SYMBOL(kzfree);
+EXPORT_SYMBOL(kfree_sensitive);
/**
* ksize - get the actual amount of memory allocated for a given object
diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c
index 3286f9d527d3..f7a2f0e41105 100644
--- a/net/atm/mpoa_caches.c
+++ b/net/atm/mpoa_caches.c
@@ -180,7 +180,7 @@ static int cache_hit(in_cache_entry *entry, struct mpoa_client *mpc)
static void in_cache_put(in_cache_entry *entry)
{
if (refcount_dec_and_test(&entry->use)) {
- kzfree(entry);
+ kfree_sensitive(entry);
}
}
@@ -415,7 +415,7 @@ static eg_cache_entry *eg_cache_get_by_src_ip(__be32 ipaddr,
static void eg_cache_put(eg_cache_entry *entry)
{
if (refcount_dec_and_test(&entry->use)) {
- kzfree(entry);
+ kfree_sensitive(entry);
}
}
diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c
index 2155ce802877..3226fe02e875 100644
--- a/net/bluetooth/ecdh_helper.c
+++ b/net/bluetooth/ecdh_helper.c
@@ -104,7 +104,7 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64],
free_all:
kpp_request_free(req);
free_tmp:
- kzfree(tmp);
+ kfree_sensitive(tmp);
return err;
}
@@ -151,9 +151,9 @@ int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 private_key[32])
err = crypto_kpp_set_secret(tfm, buf, buf_len);
/* fall through */
free_all:
- kzfree(buf);
+ kfree_sensitive(buf);
free_tmp:
- kzfree(tmp);
+ kfree_sensitive(tmp);
return err;
}
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index c2c5ab05fa7e..684e60e1915c 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -753,9 +753,9 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
mgmt_smp_complete(hcon, complete);
- kzfree(smp->csrk);
- kzfree(smp->slave_csrk);
- kzfree(smp->link_key);
+ kfree_sensitive(smp->csrk);
+ kfree_sensitive(smp->slave_csrk);
+ kfree_sensitive(smp->link_key);
crypto_free_shash(smp->tfm_cmac);
crypto_free_kpp(smp->tfm_ecdh);
@@ -789,7 +789,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
}
chan->data = NULL;
- kzfree(smp);
+ kfree_sensitive(smp);
hci_conn_drop(hcon);
}
@@ -1156,7 +1156,7 @@ static void sc_generate_link_key(struct smp_chan *smp)
const u8 salt[16] = { 0x31, 0x70, 0x6d, 0x74 };
if (smp_h7(smp->tfm_cmac, smp->tk, salt, smp->link_key)) {
- kzfree(smp->link_key);
+ kfree_sensitive(smp->link_key);
smp->link_key = NULL;
return;
}
@@ -1165,14 +1165,14 @@ static void sc_generate_link_key(struct smp_chan *smp)
const u8 tmp1[4] = { 0x31, 0x70, 0x6d, 0x74 };
if (smp_h6(smp->tfm_cmac, smp->tk, tmp1, smp->link_key)) {
- kzfree(smp->link_key);
+ kfree_sensitive(smp->link_key);
smp->link_key = NULL;
return;
}
}
if (smp_h6(smp->tfm_cmac, smp->link_key, lebr, smp->link_key)) {
- kzfree(smp->link_key);
+ kfree_sensitive(smp->link_key);
smp->link_key = NULL;
return;
}
@@ -1407,7 +1407,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
free_shash:
crypto_free_shash(smp->tfm_cmac);
zfree_smp:
- kzfree(smp);
+ kfree_sensitive(smp);
return NULL;
}
@@ -3278,7 +3278,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
if (IS_ERR(tfm_cmac)) {
BT_ERR("Unable to create CMAC crypto context");
- kzfree(smp);
+ kfree_sensitive(smp);
return ERR_CAST(tfm_cmac);
}
@@ -3286,7 +3286,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
if (IS_ERR(tfm_ecdh)) {
BT_ERR("Unable to create ECDH crypto context");
crypto_free_shash(tfm_cmac);
- kzfree(smp);
+ kfree_sensitive(smp);
return ERR_CAST(tfm_ecdh);
}
@@ -3300,7 +3300,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
if (smp) {
crypto_free_shash(smp->tfm_cmac);
crypto_free_kpp(smp->tfm_ecdh);
- kzfree(smp);
+ kfree_sensitive(smp);
}
return ERR_PTR(-ENOMEM);
}
@@ -3347,7 +3347,7 @@ static void smp_del_chan(struct l2cap_chan *chan)
chan->data = NULL;
crypto_free_shash(smp->tfm_cmac);
crypto_free_kpp(smp->tfm_ecdh);
- kzfree(smp);
+ kfree_sensitive(smp);
}
l2cap_chan_put(chan);
diff --git a/net/core/sock.c b/net/core/sock.c
index 6c4acf1f0220..8cf1a6a5cc5b 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2271,7 +2271,7 @@ static inline void __sock_kfree_s(struct sock *sk, void *mem, int size,
if (WARN_ON_ONCE(!mem))
return;
if (nullify)
- kzfree(mem);
+ kfree_sensitive(mem);
else
kfree(mem);
atomic_sub(size, &sk->sk_omem_alloc);
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index 19ad9586c720..c1a54f3d58f5 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -38,7 +38,7 @@ static void tcp_fastopen_ctx_free(struct rcu_head *head)
struct tcp_fastopen_context *ctx =
container_of(head, struct tcp_fastopen_context, rcu);
- kzfree(ctx);
+ kfree_sensitive(ctx);
}
void tcp_fastopen_destroy_cipher(struct sock *sk)
diff --git a/net/mac80211/aead_api.c b/net/mac80211/aead_api.c
index c5fe95e49c68..d7b3d905d535 100644
--- a/net/mac80211/aead_api.c
+++ b/net/mac80211/aead_api.c
@@ -41,7 +41,7 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
aead_request_set_ad(aead_req, sg[0].length);
crypto_aead_encrypt(aead_req);
- kzfree(aead_req);
+ kfree_sensitive(aead_req);
return 0;
}
@@ -76,7 +76,7 @@ int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
aead_request_set_ad(aead_req, sg[0].length);
err = crypto_aead_decrypt(aead_req);
- kzfree(aead_req);
+ kfree_sensitive(aead_req);
return err;
}
diff --git a/net/mac80211/aes_gmac.c b/net/mac80211/aes_gmac.c
index 16ba09cb5def..6f3b3a0cc10a 100644
--- a/net/mac80211/aes_gmac.c
+++ b/net/mac80211/aes_gmac.c
@@ -60,7 +60,7 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
crypto_aead_encrypt(aead_req);
- kzfree(aead_req);
+ kfree_sensitive(aead_req);
return 0;
}
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 8f403c1bb908..6bb765721862 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -732,7 +732,7 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)
ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
break;
}
- kzfree(key);
+ kfree_sensitive(key);
}
static void __ieee80211_key_destroy(struct ieee80211_key *key,
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index c079ee69d3d0..585d33144c33 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -49,7 +49,7 @@ void mac802154_llsec_destroy(struct mac802154_llsec *sec)
msl = container_of(sl, struct mac802154_llsec_seclevel, level);
list_del(&sl->list);
- kzfree(msl);
+ kfree_sensitive(msl);
}
list_for_each_entry_safe(dev, dn, &sec->table.devices, list) {
@@ -66,7 +66,7 @@ void mac802154_llsec_destroy(struct mac802154_llsec *sec)
mkey = container_of(key->key, struct mac802154_llsec_key, key);
list_del(&key->list);
llsec_key_put(mkey);
- kzfree(key);
+ kfree_sensitive(key);
}
}
@@ -155,7 +155,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
if (key->tfm[i])
crypto_free_aead(key->tfm[i]);
- kzfree(key);
+ kfree_sensitive(key);
return NULL;
}
@@ -170,7 +170,7 @@ static void llsec_key_release(struct kref *ref)
crypto_free_aead(key->tfm[i]);
crypto_free_sync_skcipher(key->tfm0);
- kzfree(key);
+ kfree_sensitive(key);
}
static struct mac802154_llsec_key*
@@ -261,7 +261,7 @@ int mac802154_llsec_key_add(struct mac802154_llsec *sec,
return 0;
fail:
- kzfree(new);
+ kfree_sensitive(new);
return -ENOMEM;
}
@@ -341,10 +341,10 @@ static void llsec_dev_free(struct mac802154_llsec_device *dev)
devkey);
list_del(&pos->list);
- kzfree(devkey);
+ kfree_sensitive(devkey);
}
- kzfree(dev);
+ kfree_sensitive(dev);
}
int mac802154_llsec_dev_add(struct mac802154_llsec *sec,
@@ -682,7 +682,7 @@ llsec_do_encrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec,
rc = crypto_aead_encrypt(req);
- kzfree(req);
+ kfree_sensitive(req);
return rc;
}
@@ -886,7 +886,7 @@ llsec_do_decrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec,
rc = crypto_aead_decrypt(req);
- kzfree(req);
+ kfree_sensitive(req);
skb_trim(skb, skb->len - authlen);
return rc;
@@ -926,7 +926,7 @@ llsec_update_devkey_record(struct mac802154_llsec_device *dev,
if (!devkey)
list_add_rcu(&next->devkey.list, &dev->dev.keys);
else
- kzfree(next);
+ kfree_sensitive(next);
spin_unlock_bh(&dev->lock);
}
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 83e97e8892e0..9e289c770574 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -49,7 +49,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
return;
if (refcount_dec_and_test(&key->refcnt)) {
- kzfree(key);
+ kfree_sensitive(key);
SCTP_DBG_OBJCNT_DEC(keys);
}
}
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index d57e1a002ffc..3581ccee34d6 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3755,7 +3755,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk,
}
out:
- kzfree(authkey);
+ kfree_sensitive(authkey);
return ret;
}
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index e7180da1fc6a..794fb3001880 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -1003,7 +1003,7 @@ krb5_rc4_setup_seq_key(struct krb5_ctx *kctx,
err = 0;
out_err:
- kzfree(desc);
+ kfree_sensitive(desc);
crypto_free_shash(hmac);
dprintk("%s: returning %d\n", __func__, err);
return err;
@@ -1079,7 +1079,7 @@ krb5_rc4_setup_enc_key(struct krb5_ctx *kctx,
err = 0;
out_err:
- kzfree(desc);
+ kfree_sensitive(desc);
crypto_free_shash(hmac);
dprintk("%s: returning %d\n", __func__, err);
return err;
diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c
index 3b7f721c023b..726c076950c0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_keys.c
+++ b/net/sunrpc/auth_gss/gss_krb5_keys.c
@@ -228,11 +228,11 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
ret = 0;
err_free_raw:
- kzfree(rawkey);
+ kfree_sensitive(rawkey);
err_free_out:
- kzfree(outblockdata);
+ kfree_sensitive(outblockdata);
err_free_in:
- kzfree(inblockdata);
+ kfree_sensitive(inblockdata);
err_free_cipher:
crypto_free_sync_skcipher(cipher);
err_return:
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 75b3c2e9e8f8..a84a5b289484 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -443,7 +443,7 @@ context_derive_keys_rc4(struct krb5_ctx *ctx)
desc->tfm = hmac;
err = crypto_shash_digest(desc, sigkeyconstant, slen, ctx->cksum);
- kzfree(desc);
+ kfree_sensitive(desc);
if (err)
goto out_err_free_hmac;
/*
diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index c8c47fc72653..001bcb0f2480 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -441,7 +441,7 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey,
/* Allocate per-cpu TFM entry pointer */
tmp->tfm_entry = alloc_percpu(struct tipc_tfm *);
if (!tmp->tfm_entry) {
- kzfree(tmp);
+ kfree_sensitive(tmp);
return -ENOMEM;
}
@@ -491,7 +491,7 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey,
/* Not any TFM is allocated? */
if (!tfm_cnt) {
free_percpu(tmp->tfm_entry);
- kzfree(tmp);
+ kfree_sensitive(tmp);
return err;
}
@@ -545,7 +545,7 @@ static int tipc_aead_clone(struct tipc_aead **dst, struct tipc_aead *src)
aead->tfm_entry = alloc_percpu_gfp(struct tipc_tfm *, GFP_ATOMIC);
if (unlikely(!aead->tfm_entry)) {
- kzfree(aead);
+ kfree_sensitive(aead);
return -ENOMEM;
}
@@ -1352,7 +1352,7 @@ int tipc_crypto_start(struct tipc_crypto **crypto, struct net *net,
/* Allocate statistic structure */
c->stats = alloc_percpu_gfp(struct tipc_crypto_stats, GFP_ATOMIC);
if (!c->stats) {
- kzfree(c);
+ kfree_sensitive(c);
return -ENOMEM;
}
@@ -1408,7 +1408,7 @@ void tipc_crypto_stop(struct tipc_crypto **crypto)
free_percpu(c->stats);
*crypto = NULL;
- kzfree(c);
+ kfree_sensitive(c);
}
void tipc_crypto_timeout(struct tipc_crypto *rx)
diff --git a/net/wireless/core.c b/net/wireless/core.c
index c623d9bf5096..8e764e170c73 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1124,7 +1124,7 @@ static void __cfg80211_unregister_wdev(struct wireless_dev *wdev, bool sync)
}
#ifdef CONFIG_CFG80211_WEXT
- kzfree(wdev->wext.keys);
+ kfree_sensitive(wdev->wext.keys);
wdev->wext.keys = NULL;
#endif
/* only initialized if we have a netdev */
diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index ae8fe66a9bb8..a0621bb76d8e 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -127,7 +127,7 @@ int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
return -EINVAL;
if (WARN_ON(wdev->connect_keys))
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = connkeys;
wdev->ibss_fixed = params->channel_fixed;
@@ -161,7 +161,7 @@ static void __cfg80211_clear_ibss(struct net_device *dev, bool nowext)
ASSERT_WDEV_LOCK(wdev);
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = NULL;
rdev_set_qos_map(rdev, dev, NULL);
diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c
index f5e842ba7673..1b4d6c87a5c5 100644
--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -131,7 +131,7 @@ static void lib80211_tkip_deinit(void *priv)
crypto_free_shash(_priv->tx_tfm_michael);
crypto_free_shash(_priv->rx_tfm_michael);
}
- kzfree(priv);
+ kfree_sensitive(priv);
}
static inline u16 RotR1(u16 val)
diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c
index dafc6f3571db..6ab9957b8f96 100644
--- a/net/wireless/lib80211_crypt_wep.c
+++ b/net/wireless/lib80211_crypt_wep.c
@@ -56,7 +56,7 @@ static void *lib80211_wep_init(int keyidx)
static void lib80211_wep_deinit(void *priv)
{
- kzfree(priv);
+ kfree_sensitive(priv);
}
/* Add WEP IV/key info to a frame that has at least 4 bytes of headroom */
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 263ae395ad44..d30cf356a412 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -9829,7 +9829,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
no_ht) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
}
@@ -9841,7 +9841,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
int r = validate_pae_over_nl80211(rdev, info);
if (r < 0) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return r;
}
@@ -9854,7 +9854,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
wdev_lock(dev->ieee80211_ptr);
err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
if (err)
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
wdev_unlock(dev->ieee80211_ptr);
@@ -10282,7 +10282,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
memcpy(&connect.ht_capa,
@@ -10300,7 +10300,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
memcpy(&connect.vht_capa,
@@ -10314,7 +10314,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
(rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
!wiphy_ext_feature_isset(&rdev->wiphy,
NL80211_EXT_FEATURE_RRM)) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
connect.flags |= ASSOC_REQ_USE_RRM;
@@ -10322,21 +10322,21 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EOPNOTSUPP;
}
if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
/* bss selection makes no sense if bssid is set */
if (connect.bssid) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
wiphy, &connect.bss_select);
if (err) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return err;
}
}
@@ -10366,13 +10366,13 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
return -EINVAL;
}
if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
GENL_SET_ERR_MSG(info,
"external auth requires connection ownership");
return -EINVAL;
@@ -10385,7 +10385,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
err = cfg80211_connect(rdev, dev, &connect, connkeys,
connect.prev_bssid);
if (err)
- kzfree(connkeys);
+ kfree_sensitive(connkeys);
if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 15595cf401de..985f3c23f054 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -742,7 +742,7 @@ void __cfg80211_connect_result(struct net_device *dev,
}
if (cr->status != WLAN_STATUS_SUCCESS) {
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = NULL;
wdev->ssid_len = 0;
wdev->conn_owner_nlportid = 0;
@@ -1098,7 +1098,7 @@ void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
wdev->current_bss = NULL;
wdev->ssid_len = 0;
wdev->conn_owner_nlportid = 0;
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = NULL;
nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
@@ -1281,7 +1281,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
ASSERT_WDEV_LOCK(wdev);
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = NULL;
wdev->conn_owner_nlportid = 0;
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 4d3b76f94f55..29adb1010c18 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -863,7 +863,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev)
}
}
- kzfree(wdev->connect_keys);
+ kfree_sensitive(wdev->connect_keys);
wdev->connect_keys = NULL;
}
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index 73fd0eae08ca..73df23570d43 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -57,7 +57,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
err = cfg80211_connect(rdev, wdev->netdev,
&wdev->wext.connect, ck, prev_bssid);
if (err)
- kzfree(ck);
+ kfree_sensitive(ck);
return err;
}
diff --git a/scripts/coccinelle/free/devm_free.cocci b/scripts/coccinelle/free/devm_free.cocci
index 3357bf4dbd7c..da80050b91ff 100644
--- a/scripts/coccinelle/free/devm_free.cocci
+++ b/scripts/coccinelle/free/devm_free.cocci
@@ -89,7 +89,7 @@ position p;
(
kfree@p(x)
|
- kzfree@p(x)
+ kfree_sensitive@p(x)
|
krealloc@p(x, ...)
|
@@ -112,7 +112,7 @@ position p != safe.p;
(
* kfree@p(x)
|
-* kzfree@p(x)
+* kfree_sensitive@p(x)
|
* krealloc@p(x, ...)
|
diff --git a/scripts/coccinelle/free/ifnullfree.cocci b/scripts/coccinelle/free/ifnullfree.cocci
index b3290c4ee239..2045391e36a0 100644
--- a/scripts/coccinelle/free/ifnullfree.cocci
+++ b/scripts/coccinelle/free/ifnullfree.cocci
@@ -21,7 +21,7 @@ expression E;
(
kfree(E);
|
- kzfree(E);
+ kfree_sensitive(E);
|
debugfs_remove(E);
|
@@ -42,7 +42,7 @@ position p;
@@
* if (E != NULL)
-* \(kfree@p\|kzfree@p\|debugfs_remove@p\|debugfs_remove_recursive@p\|
+* \(kfree@p\|kfree_sensitive@p\|debugfs_remove@p\|debugfs_remove_recursive@p\|
* usb_free_urb@p\|kmem_cache_destroy@p\|mempool_destroy@p\|
* dma_pool_destroy@p\)(E);
diff --git a/scripts/coccinelle/free/kfree.cocci b/scripts/coccinelle/free/kfree.cocci
index e9d50e718e46..168568386034 100644
--- a/scripts/coccinelle/free/kfree.cocci
+++ b/scripts/coccinelle/free/kfree.cocci
@@ -24,7 +24,7 @@ position p1;
(
* kfree@p1(E)
|
-* kzfree@p1(E)
+* kfree_sensitive@p1(E)
)
@print expression@
@@ -68,7 +68,7 @@ while (1) { ...
(
* kfree@ok(E)
|
-* kzfree@ok(E)
+* kfree_sensitive@ok(E)
)
... when != break;
when != goto l;
@@ -86,7 +86,7 @@ position free.p1!=loop.ok,p2!={print.p,sz.p};
(
* kfree@p1(E,...)
|
-* kzfree@p1(E,...)
+* kfree_sensitive@p1(E,...)
)
...
(
diff --git a/scripts/coccinelle/free/kfreeaddr.cocci b/scripts/coccinelle/free/kfreeaddr.cocci
index cfaf308328d8..142af6337a04 100644
--- a/scripts/coccinelle/free/kfreeaddr.cocci
+++ b/scripts/coccinelle/free/kfreeaddr.cocci
@@ -20,7 +20,7 @@ position p;
(
* kfree@p(&e->f)
|
-* kzfree@p(&e->f)
+* kfree_sensitive@p(&e->f)
)
@script:python depends on org@
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 1c898055a476..7b0e13ce7dc7 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -40,8 +40,8 @@ void aa_free_domain_entries(struct aa_domain *domain)
return;
for (i = 0; i < domain->size; i++)
- kzfree(domain->table[i]);
- kzfree(domain->table);
+ kfree_sensitive(domain->table[i]);
+ kfree_sensitive(domain->table);
domain->table = NULL;
}
}
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index aff26fc71407..d4f8948517d9 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -72,7 +72,7 @@ static inline void aa_free_file_ctx(struct aa_file_ctx *ctx)
{
if (ctx) {
aa_put_label(rcu_access_pointer(ctx->label));
- kzfree(ctx);
+ kfree_sensitive(ctx);
}
}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index af4f50fda9e3..4c010c9a6af1 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -187,9 +187,9 @@ static void aa_free_data(void *ptr, void *arg)
{
struct aa_data *data = ptr;
- kzfree(data->data);
- kzfree(data->key);
- kzfree(data);
+ kfree_sensitive(data->data);
+ kfree_sensitive(data->key);
+ kfree_sensitive(data);
}
/**
@@ -217,19 +217,19 @@ void aa_free_profile(struct aa_profile *profile)
aa_put_profile(rcu_access_pointer(profile->parent));
aa_put_ns(profile->ns);
- kzfree(profile->rename);
+ kfree_sensitive(profile->rename);
aa_free_file_rules(&profile->file);
aa_free_cap_rules(&profile->caps);
aa_free_rlimit_rules(&profile->rlimits);
for (i = 0; i < profile->xattr_count; i++)
- kzfree(profile->xattrs[i]);
- kzfree(profile->xattrs);
+ kfree_sensitive(profile->xattrs[i]);
+ kfree_sensitive(profile->xattrs);
for (i = 0; i < profile->secmark_count; i++)
- kzfree(profile->secmark[i].label);
- kzfree(profile->secmark);
- kzfree(profile->dirname);
+ kfree_sensitive(profile->secmark[i].label);
+ kfree_sensitive(profile->secmark);
+ kfree_sensitive(profile->dirname);
aa_put_dfa(profile->xmatch);
aa_put_dfa(profile->policy.dfa);
@@ -237,14 +237,14 @@ void aa_free_profile(struct aa_profile *profile)
rht = profile->data;
profile->data = NULL;
rhashtable_free_and_destroy(rht, aa_free_data, NULL);
- kzfree(rht);
+ kfree_sensitive(rht);
}
- kzfree(profile->hash);
+ kfree_sensitive(profile->hash);
aa_put_loaddata(profile->rawdata);
aa_label_destroy(&profile->label);
- kzfree(profile);
+ kfree_sensitive(profile);
}
/**
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index d7ef540027a5..70921d95fb40 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -121,9 +121,9 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name)
return ns;
fail_unconfined:
- kzfree(ns->base.hname);
+ kfree_sensitive(ns->base.hname);
fail_ns:
- kzfree(ns);
+ kfree_sensitive(ns);
return NULL;
}
@@ -145,7 +145,7 @@ void aa_free_ns(struct aa_ns *ns)
ns->unconfined->ns = NULL;
aa_free_profile(ns->unconfined);
- kzfree(ns);
+ kfree_sensitive(ns);
}
/**
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index b67322abcc33..dc345ac93205 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -163,10 +163,10 @@ static void do_loaddata_free(struct work_struct *work)
aa_put_ns(ns);
}
- kzfree(d->hash);
- kzfree(d->name);
+ kfree_sensitive(d->hash);
+ kfree_sensitive(d->name);
kvfree(d->data);
- kzfree(d);
+ kfree_sensitive(d);
}
void aa_loaddata_kref(struct kref *kref)
@@ -894,7 +894,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
while (unpack_strdup(e, &key, NULL)) {
data = kzalloc(sizeof(*data), GFP_KERNEL);
if (!data) {
- kzfree(key);
+ kfree_sensitive(key);
goto fail;
}
@@ -902,8 +902,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
data->size = unpack_blob(e, &data->data, NULL);
data->data = kvmemdup(data->data, data->size);
if (data->size && !data->data) {
- kzfree(data->key);
- kzfree(data);
+ kfree_sensitive(data->key);
+ kfree_sensitive(data);
goto fail;
}
@@ -1037,7 +1037,7 @@ void aa_load_ent_free(struct aa_load_ent *ent)
aa_put_profile(ent->old);
aa_put_profile(ent->new);
kfree(ent->ns_name);
- kzfree(ent);
+ kfree_sensitive(ent);
}
}
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index dd708e8f13c0..691347dea3c1 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -138,7 +138,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
err_fput:
fput(file);
err_enckey:
- kzfree(enckey);
+ kfree_sensitive(enckey);
error:
memzero_explicit(buf, enclen);
kvfree(buf);
@@ -155,7 +155,7 @@ void big_key_free_preparse(struct key_preparsed_payload *prep)
path_put(path);
}
- kzfree(prep->payload.data[big_key_data]);
+ kfree_sensitive(prep->payload.data[big_key_data]);
}
/*
@@ -187,7 +187,7 @@ void big_key_destroy(struct key *key)
path->mnt = NULL;
path->dentry = NULL;
}
- kzfree(key->payload.data[big_key_data]);
+ kfree_sensitive(key->payload.data[big_key_data]);
key->payload.data[big_key_data] = NULL;
}
diff --git a/security/keys/dh.c b/security/keys/dh.c
index c4c629bb1c03..1abfa70ed6e1 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -58,9 +58,9 @@ static ssize_t dh_data_from_key(key_serial_t keyid, void **data)
static void dh_free_data(struct dh *dh)
{
- kzfree(dh->key);
- kzfree(dh->p);
- kzfree(dh->g);
+ kfree_sensitive(dh->key);
+ kfree_sensitive(dh->p);
+ kfree_sensitive(dh->g);
}
struct dh_completion {
@@ -126,7 +126,7 @@ static void kdf_dealloc(struct kdf_sdesc *sdesc)
if (sdesc->shash.tfm)
crypto_free_shash(sdesc->shash.tfm);
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
}
/*
@@ -220,7 +220,7 @@ static int keyctl_dh_compute_kdf(struct kdf_sdesc *sdesc,
ret = -EFAULT;
err:
- kzfree(outbuf);
+ kfree_sensitive(outbuf);
return ret;
}
@@ -395,11 +395,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
out6:
kpp_request_free(req);
out5:
- kzfree(outbuf);
+ kfree_sensitive(outbuf);
out4:
crypto_free_kpp(tfm);
out3:
- kzfree(secret);
+ kfree_sensitive(secret);
out2:
dh_free_data(&dh_inputs);
out1:
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 14cf81d1a30b..deebbf14eeca 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -370,7 +370,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
master_keylen);
ret = crypto_shash_tfm_digest(hash_tfm, derived_buf, derived_buf_len,
derived_key);
- kzfree(derived_buf);
+ kfree_sensitive(derived_buf);
return ret;
}
@@ -812,13 +812,13 @@ static int encrypted_instantiate(struct key *key,
ret = encrypted_init(epayload, key->description, format, master_desc,
decrypted_datalen, hex_encoded_iv);
if (ret < 0) {
- kzfree(epayload);
+ kfree_sensitive(epayload);
goto out;
}
rcu_assign_keypointer(key, epayload);
out:
- kzfree(datablob);
+ kfree_sensitive(datablob);
return ret;
}
@@ -827,7 +827,7 @@ static void encrypted_rcu_free(struct rcu_head *rcu)
struct encrypted_key_payload *epayload;
epayload = container_of(rcu, struct encrypted_key_payload, rcu);
- kzfree(epayload);
+ kfree_sensitive(epayload);
}
/*
@@ -885,7 +885,7 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
rcu_assign_keypointer(key, new_epayload);
call_rcu(&epayload->rcu, encrypted_rcu_free);
out:
- kzfree(buf);
+ kfree_sensitive(buf);
return ret;
}
@@ -946,7 +946,7 @@ static long encrypted_read(const struct key *key, char *buffer,
memzero_explicit(derived_key, sizeof(derived_key));
memcpy(buffer, ascii_buf, asciiblob_len);
- kzfree(ascii_buf);
+ kfree_sensitive(ascii_buf);
return asciiblob_len;
out:
@@ -961,7 +961,7 @@ static long encrypted_read(const struct key *key, char *buffer,
*/
static void encrypted_destroy(struct key *key)
{
- kzfree(key->payload.data[0]);
+ kfree_sensitive(key->payload.data[0]);
}
struct key_type key_type_encrypted = {
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 8001ab07e63b..b9fe02e5f84f 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -68,7 +68,7 @@ static int TSS_sha1(const unsigned char *data, unsigned int datalen,
}
ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
return ret;
}
@@ -112,7 +112,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (!ret)
ret = crypto_shash_final(&sdesc->shash, digest);
out:
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
return ret;
}
@@ -166,7 +166,7 @@ int TSS_authhmac(unsigned char *digest, const unsigned char *key,
paramdigest, TPM_NONCE_SIZE, h1,
TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
out:
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
return ret;
}
EXPORT_SYMBOL_GPL(TSS_authhmac);
@@ -251,7 +251,7 @@ int TSS_checkhmac1(unsigned char *buffer,
if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
return ret;
}
EXPORT_SYMBOL_GPL(TSS_checkhmac1);
@@ -353,7 +353,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
- kzfree(sdesc);
+ kfree_sensitive(sdesc);
return ret;
}
@@ -563,7 +563,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
*bloblen = storedsize;
}
out:
- kzfree(td);
+ kfree_sensitive(td);
return ret;
}
@@ -1031,12 +1031,12 @@ static int trusted_instantiate(struct key *key,
if (!ret && options->pcrlock)
ret = pcrlock(options->pcrlock);
out:
- kzfree(datablob);
- kzfree(options);
+ kfree_sensitive(datablob);
+ kfree_sensitive(options);
if (!ret)
rcu_assign_keypointer(key, payload);
else
- kzfree(payload);
+ kfree_sensitive(payload);
return ret;
}
@@ -1045,7 +1045,7 @@ static void trusted_rcu_free(struct rcu_head *rcu)
struct trusted_key_payload *p;
p = container_of(rcu, struct trusted_key_payload, rcu);
- kzfree(p);
+ kfree_sensitive(p);
}
/*
@@ -1087,13 +1087,13 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = datablob_parse(datablob, new_p, new_o);
if (ret != Opt_update) {
ret = -EINVAL;
- kzfree(new_p);
+ kfree_sensitive(new_p);
goto out;
}
if (!new_o->keyhandle) {
ret = -EINVAL;
- kzfree(new_p);
+ kfree_sensitive(new_p);
goto out;
}
@@ -1107,22 +1107,22 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
- kzfree(new_p);
+ kfree_sensitive(new_p);
goto out;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
- kzfree(new_p);
+ kfree_sensitive(new_p);
goto out;
}
}
rcu_assign_keypointer(key, new_p);
call_rcu(&p->rcu, trusted_rcu_free);
out:
- kzfree(datablob);
- kzfree(new_o);
+ kfree_sensitive(datablob);
+ kfree_sensitive(new_o);
return ret;
}
@@ -1154,7 +1154,7 @@ static long trusted_read(const struct key *key, char *buffer,
*/
static void trusted_destroy(struct key *key)
{
- kzfree(key->payload.data[0]);
+ kfree_sensitive(key->payload.data[0]);
}
struct key_type key_type_trusted = {
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 07d4287e9084..749e2a4dcb13 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -82,7 +82,7 @@ EXPORT_SYMBOL_GPL(user_preparse);
*/
void user_free_preparse(struct key_preparsed_payload *prep)
{
- kzfree(prep->payload.data[0]);
+ kfree_sensitive(prep->payload.data[0]);
}
EXPORT_SYMBOL_GPL(user_free_preparse);
@@ -91,7 +91,7 @@ static void user_free_payload_rcu(struct rcu_head *head)
struct user_key_payload *payload;
payload = container_of(head, struct user_key_payload, rcu);
- kzfree(payload);
+ kfree_sensitive(payload);
}
/*
@@ -147,7 +147,7 @@ void user_destroy(struct key *key)
{
struct user_key_payload *upayload = key->payload.data[0];
- kzfree(upayload);
+ kfree_sensitive(upayload);
}
EXPORT_SYMBOL_GPL(user_destroy);
--
2.18.1
^ permalink raw reply related
* [PATCH v5 0/2] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Waiman Long @ 2020-06-16 15:43 UTC (permalink / raw)
To: Andrew Morton, David Howells, Jarkko Sakkinen, James Morris,
Serge E. Hallyn, Linus Torvalds, Joe Perches, Matthew Wilcox,
David Rientjes
Cc: Jason A . Donenfeld, Michal Hocko, virtualization, linux-mm,
linux-sctp, target-devel, linux-stm32, devel, linux-cifs,
linux-scsi, kasan-dev, linux-wpan, Waiman Long, Dan Carpenter,
linux-pm, ecryptfs, linux-fscrypt, linux-mediatek, linux-amlogic,
linux-nfs, netdev, linux-wireless, linux-kernel, linux-bluetooth,
linux-security-module, keyrings, tipc-discussion, linux-crypto,
Johannes Weiner, linux-integrity, linuxppc-dev, wireguard,
linux-ppp
v5:
- Break the btrfs patch out as a separate patch to be processed
independently.
- Update the commit log of patch 1 to make it less scary.
- Add a kzfree backward compatibility macro in patch 2.
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
now as there can be a bit more discussion on what is best. It will be
introduced as a separate patch later on after this one is merged.
This patchset makes a global rename of the kzfree() to kfree_sensitive()
to highlight the fact buffer clearing is only needed if the data objects
contain sensitive information like encrpytion key. The fact that kzfree()
uses memset() to do the clearing isn't totally safe either as compiler
may compile out the clearing in their optimizer especially if LTO is
used. Instead, the new kfree_sensitive() uses memzero_explicit() which
won't get compiled out.
Waiman Long (2):
mm/slab: Use memzero_explicit() in kzfree()
mm, treewide: Rename kzfree() to kfree_sensitive()
arch/s390/crypto/prng.c | 4 +--
arch/x86/power/hibernate.c | 2 +-
crypto/adiantum.c | 2 +-
crypto/ahash.c | 4 +--
crypto/api.c | 2 +-
crypto/asymmetric_keys/verify_pefile.c | 4 +--
crypto/deflate.c | 2 +-
crypto/drbg.c | 10 +++---
crypto/ecc.c | 8 ++---
crypto/ecdh.c | 2 +-
crypto/gcm.c | 2 +-
crypto/gf128mul.c | 4 +--
crypto/jitterentropy-kcapi.c | 2 +-
crypto/rng.c | 2 +-
crypto/rsa-pkcs1pad.c | 6 ++--
crypto/seqiv.c | 2 +-
crypto/shash.c | 2 +-
crypto/skcipher.c | 2 +-
crypto/testmgr.c | 6 ++--
crypto/zstd.c | 2 +-
.../allwinner/sun8i-ce/sun8i-ce-cipher.c | 2 +-
.../allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +-
drivers/crypto/amlogic/amlogic-gxl-cipher.c | 4 +--
drivers/crypto/atmel-ecc.c | 2 +-
drivers/crypto/caam/caampkc.c | 28 +++++++--------
drivers/crypto/cavium/cpt/cptvf_main.c | 6 ++--
drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++----
drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +--
drivers/crypto/cavium/zip/zip_crypto.c | 6 ++--
drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++--
drivers/crypto/ccree/cc_aead.c | 4 +--
drivers/crypto/ccree/cc_buffer_mgr.c | 4 +--
drivers/crypto/ccree/cc_cipher.c | 6 ++--
drivers/crypto/ccree/cc_hash.c | 8 ++---
drivers/crypto/ccree/cc_request_mgr.c | 2 +-
drivers/crypto/marvell/cesa/hash.c | 2 +-
.../crypto/marvell/octeontx/otx_cptvf_main.c | 6 ++--
.../marvell/octeontx/otx_cptvf_reqmgr.h | 2 +-
drivers/crypto/mediatek/mtk-aes.c | 2 +-
drivers/crypto/nx/nx.c | 4 +--
drivers/crypto/virtio/virtio_crypto_algs.c | 12 +++----
drivers/crypto/virtio/virtio_crypto_core.c | 2 +-
drivers/md/dm-crypt.c | 32 ++++++++---------
drivers/md/dm-integrity.c | 6 ++--
drivers/misc/ibmvmc.c | 6 ++--
.../hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +-
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 ++--
drivers/net/ppp/ppp_mppe.c | 6 ++--
drivers/net/wireguard/noise.c | 4 +--
drivers/net/wireguard/peer.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
.../net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 ++--
drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 6 ++--
drivers/net/wireless/intersil/orinoco/wext.c | 4 +--
drivers/s390/crypto/ap_bus.h | 4 +--
drivers/staging/ks7010/ks_hostif.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/wlan-ng/p80211netdev.c | 2 +-
drivers/target/iscsi/iscsi_target_auth.c | 2 +-
fs/cifs/cifsencrypt.c | 2 +-
fs/cifs/connect.c | 10 +++---
fs/cifs/dfs_cache.c | 2 +-
fs/cifs/misc.c | 8 ++---
fs/crypto/keyring.c | 6 ++--
fs/crypto/keysetup_v1.c | 4 +--
fs/ecryptfs/keystore.c | 4 +--
fs/ecryptfs/messaging.c | 2 +-
include/crypto/aead.h | 2 +-
include/crypto/akcipher.h | 2 +-
include/crypto/gf128mul.h | 2 +-
include/crypto/hash.h | 2 +-
include/crypto/internal/acompress.h | 2 +-
include/crypto/kpp.h | 2 +-
include/crypto/skcipher.h | 2 +-
include/linux/slab.h | 4 ++-
lib/mpi/mpiutil.c | 6 ++--
lib/test_kasan.c | 6 ++--
mm/slab_common.c | 10 +++---
net/atm/mpoa_caches.c | 4 +--
net/bluetooth/ecdh_helper.c | 6 ++--
net/bluetooth/smp.c | 24 ++++++-------
net/core/sock.c | 2 +-
net/ipv4/tcp_fastopen.c | 2 +-
net/mac80211/aead_api.c | 4 +--
net/mac80211/aes_gmac.c | 2 +-
net/mac80211/key.c | 2 +-
net/mac802154/llsec.c | 20 +++++------
net/sctp/auth.c | 2 +-
net/sctp/socket.c | 2 +-
net/sunrpc/auth_gss/gss_krb5_crypto.c | 4 +--
net/sunrpc/auth_gss/gss_krb5_keys.c | 6 ++--
net/sunrpc/auth_gss/gss_krb5_mech.c | 2 +-
net/tipc/crypto.c | 10 +++---
net/wireless/core.c | 2 +-
net/wireless/ibss.c | 4 +--
net/wireless/lib80211_crypt_tkip.c | 2 +-
net/wireless/lib80211_crypt_wep.c | 2 +-
net/wireless/nl80211.c | 24 ++++++-------
net/wireless/sme.c | 6 ++--
net/wireless/util.c | 2 +-
net/wireless/wext-sme.c | 2 +-
scripts/coccinelle/free/devm_free.cocci | 4 +--
scripts/coccinelle/free/ifnullfree.cocci | 4 +--
scripts/coccinelle/free/kfree.cocci | 6 ++--
scripts/coccinelle/free/kfreeaddr.cocci | 2 +-
security/apparmor/domain.c | 4 +--
security/apparmor/include/file.h | 2 +-
security/apparmor/policy.c | 24 ++++++-------
security/apparmor/policy_ns.c | 6 ++--
security/apparmor/policy_unpack.c | 14 ++++----
security/keys/big_key.c | 6 ++--
security/keys/dh.c | 14 ++++----
security/keys/encrypted-keys/encrypted.c | 14 ++++----
security/keys/trusted-keys/trusted_tpm1.c | 34 +++++++++----------
security/keys/user_defined.c | 6 ++--
115 files changed, 323 insertions(+), 321 deletions(-)
--
2.18.1
^ permalink raw reply
* Re: [PATCH v2 08/12] mm: Define pasid in mm
From: Fenghua Yu @ 2020-06-16 15:11 UTC (permalink / raw)
To: Jean-Philippe Brucker
Cc: Dave Hansen, H Peter Anvin, Dave Jiang, Ashok Raj, Joerg Roedel,
x86, amd-gfx, Ingo Molnar, Ravi V Shankar, Yu-cheng Yu,
Andrew Donnellan, Borislav Petkov, Sohil Mehta, Thomas Gleixner,
Tony Luck, linuxppc-dev, Felix Kuehling, linux-kernel, iommu,
Jacob Jun Pan, Frederic Barrat, David Woodhouse, Lu Baolu
In-Reply-To: <20200616082819.GA590740@myrica>
Hi, Jean,
On Tue, Jun 16, 2020 at 10:28:19AM +0200, Jean-Philippe Brucker wrote:
> On Fri, Jun 12, 2020 at 05:41:29PM -0700, Fenghua Yu wrote:
> > diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
> > index 64ede5f150dc..5778db3aa42d 100644
> > --- a/include/linux/mm_types.h
> > +++ b/include/linux/mm_types.h
> > @@ -538,6 +538,10 @@ struct mm_struct {
> > atomic_long_t hugetlb_usage;
> > #endif
> > struct work_struct async_put_work;
> > +
> > +#ifdef CONFIG_PCI_PASID
>
> Non-PCI devices can also use a PASID (e.g. Arm's SubstreamID). How about
> CONFIG_IOMMU_SUPPORT?
Sure. I will change it to CONFIG_IOMMU_SUPPORT.
Thanks.
-Fenghua
^ permalink raw reply
* Re: [PATCH v4 2/3] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Waiman Long @ 2020-06-16 15:05 UTC (permalink / raw)
To: Dan Carpenter
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, Jarkko Sakkinen,
David Sterba, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, virtualization, linux-integrity,
linux-nfs, Linus Torvalds, linux-wireless, linux-kernel,
linux-bluetooth, linux-security-module, target-devel,
tipc-discussion, linux-crypto, Johannes Weiner, Joe Perches,
Andrew Morton, linuxppc-dev, netdev, wireguard, linux-ppp
In-Reply-To: <20200616142624.GO4282@kadam>
On 6/16/20 10:26 AM, Dan Carpenter wrote:
> Last time you sent this we couldn't decide which tree it should go
> through. Either the crypto tree or through Andrew seems like the right
> thing to me.
>
> Also the other issue is that it risks breaking things if people add
> new kzfree() instances while we are doing the transition. Could you
> just add a "#define kzfree kfree_sensitive" so that things continue to
> compile and we can remove it in the next kernel release?
>
> regards,
> dan carpenter
>
Yes, that make sure sense. Will send out v5 later today.
Cheers,
Longman
^ permalink raw reply
* Re: [PATCH v4 3/3] btrfs: Use kfree() in btrfs_ioctl_get_subvol_info()
From: Waiman Long @ 2020-06-16 15:05 UTC (permalink / raw)
To: dsterba, Andrew Morton, David Howells, Jarkko Sakkinen,
James Morris, Serge E. Hallyn, Linus Torvalds, Joe Perches,
Matthew Wilcox, David Rientjes, Michal Hocko, Johannes Weiner,
Dan Carpenter, Jason A . Donenfeld, linux-mm, keyrings,
linux-kernel, linux-crypto, linux-pm, linux-stm32, linux-amlogic,
linux-mediatek, linuxppc-dev, virtualization, netdev, linux-ppp,
wireguard, linux-wireless, devel, linux-scsi, target-devel,
linux-btrfs, linux-cifs, linux-fscrypt, ecryptfs, kasan-dev,
linux-bluetooth, linux-wpan, linux-sctp, linux-nfs,
tipc-discussion, linux-security-module, linux-integrity
In-Reply-To: <20200616144804.GD27795@twin.jikos.cz>
On 6/16/20 10:48 AM, David Sterba wrote:
> On Mon, Jun 15, 2020 at 09:57:18PM -0400, Waiman Long wrote:
>> In btrfs_ioctl_get_subvol_info(), there is a classic case where kzalloc()
>> was incorrectly paired with kzfree(). According to David Sterba, there
>> isn't any sensitive information in the subvol_info that needs to be
>> cleared before freeing. So kfree_sensitive() isn't really needed,
>> use kfree() instead.
>>
>> Reported-by: David Sterba <dsterba@suse.cz>
>> Signed-off-by: Waiman Long <longman@redhat.com>
>> ---
>> fs/btrfs/ioctl.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
>> index f1dd9e4271e9..e8f7c5f00894 100644
>> --- a/fs/btrfs/ioctl.c
>> +++ b/fs/btrfs/ioctl.c
>> @@ -2692,7 +2692,7 @@ static int btrfs_ioctl_get_subvol_info(struct file *file, void __user *argp)
>> btrfs_put_root(root);
>> out_free:
>> btrfs_free_path(path);
>> - kfree_sensitive(subvol_info);
>> + kfree(subvol_info);
> I would rather merge a patch doing to kzfree -> kfree instead of doing
> the middle step to switch it to kfree_sensitive. If it would help
> integration of your patchset I can push it to the next rc so there are
> no kzfree left in the btrfs code. Treewide change like that can take
> time so it would be one less problem to care about for you.
>
Sure, I will move it forward in the patch series.
Thanks,
Longman
^ permalink raw reply
* Re: [PATCH v4 3/3] btrfs: Use kfree() in btrfs_ioctl_get_subvol_info()
From: David Sterba @ 2020-06-16 14:48 UTC (permalink / raw)
To: Waiman Long
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, Jarkko Sakkinen,
David Sterba, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Dan Carpenter, Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, virtualization, linux-integrity,
linux-nfs, linuxppc-dev, linux-wireless, linux-kernel,
linux-bluetooth, linux-security-module, target-devel,
tipc-discussion, linux-crypto, Johannes Weiner, Joe Perches,
Andrew Morton, Linus Torvalds, netdev, wireguard, linux-ppp
In-Reply-To: <20200616015718.7812-4-longman@redhat.com>
On Mon, Jun 15, 2020 at 09:57:18PM -0400, Waiman Long wrote:
> In btrfs_ioctl_get_subvol_info(), there is a classic case where kzalloc()
> was incorrectly paired with kzfree(). According to David Sterba, there
> isn't any sensitive information in the subvol_info that needs to be
> cleared before freeing. So kfree_sensitive() isn't really needed,
> use kfree() instead.
>
> Reported-by: David Sterba <dsterba@suse.cz>
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
> fs/btrfs/ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index f1dd9e4271e9..e8f7c5f00894 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -2692,7 +2692,7 @@ static int btrfs_ioctl_get_subvol_info(struct file *file, void __user *argp)
> btrfs_put_root(root);
> out_free:
> btrfs_free_path(path);
> - kfree_sensitive(subvol_info);
> + kfree(subvol_info);
I would rather merge a patch doing to kzfree -> kfree instead of doing
the middle step to switch it to kfree_sensitive. If it would help
integration of your patchset I can push it to the next rc so there are
no kzfree left in the btrfs code. Treewide change like that can take
time so it would be one less problem to care about for you.
^ permalink raw reply
* Re: [PATCH v5 01/13] powerpc: Remove Xilinx PPC405/PPC440 support
From: Michal Simek @ 2020-06-16 14:45 UTC (permalink / raw)
To: Nathan Chancellor, Christophe Leroy
Cc: arnd, michal.simek, linux-kernel, clang-built-linux,
Paul Mackerras, linuxppc-dev
In-Reply-To: <20200616002720.GA1307277@ubuntu-n2-xlarge-x86>
On 16. 06. 20 2:27, Nathan Chancellor wrote:
> On Thu, May 21, 2020 at 04:55:52PM +0000, Christophe Leroy wrote:
>> From: Michal Simek <michal.simek@xilinx.com>
>>
>> The latest Xilinx design tools called ISE and EDK has been released in
>> October 2013. New tool doesn't support any PPC405/PPC440 new designs.
>> These platforms are no longer supported and tested.
>>
>> PowerPC 405/440 port is orphan from 2013 by
>> commit cdeb89943bfc ("MAINTAINERS: Fix incorrect status tag") and
>> commit 19624236cce1 ("MAINTAINERS: Update Grant's email address and maintainership")
>> that's why it is time to remove the support fot these platforms.
>>
>> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
>> Acked-by: Arnd Bergmann <arnd@arndb.de>
>> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
>
> This patch causes qemu-system-ppc to fail to load ppc44x_defconfig:
>
> $ make -skj"$(nproc)" ARCH=powerpc CROSS_COMPILE=powerpc-linux- O=out/ppc distclean ppc44x_defconfig zImage
>
> $ timeout --foreground 30s unbuffer \
> qemu-system-ppc \
> -machine bamboo \
Did you bisect it that you found that this patch is causing problem for
you on any bamboo machine?
Or this was caused by the whole series?
Thanks,
Michal
^ permalink raw reply
* Re: [PATCH v4 2/3] mm, treewide: Rename kzfree() to kfree_sensitive()
From: Dan Carpenter @ 2020-06-16 14:26 UTC (permalink / raw)
To: Waiman Long
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, Jarkko Sakkinen,
David Sterba, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, virtualization, linux-integrity,
linux-nfs, Linus Torvalds, linux-wireless, linux-kernel,
linux-bluetooth, linux-security-module, target-devel,
tipc-discussion, linux-crypto, Johannes Weiner, Joe Perches,
Andrew Morton, linuxppc-dev, netdev, wireguard, linux-ppp
In-Reply-To: <20200616015718.7812-3-longman@redhat.com>
Last time you sent this we couldn't decide which tree it should go
through. Either the crypto tree or through Andrew seems like the right
thing to me.
Also the other issue is that it risks breaking things if people add
new kzfree() instances while we are doing the transition. Could you
just add a "#define kzfree kfree_sensitive" so that things continue to
compile and we can remove it in the next kernel release?
regards,
dan carpenter
^ permalink raw reply
* Re: [PATCH] scsi: target/sbp: remove firewire SBP target driver
From: Bart Van Assche @ 2020-06-16 14:08 UTC (permalink / raw)
To: Finn Thain, Chris Boot
Cc: Martin K . Petersen, linux-scsi, Chuhong Yuan, linux-kernel,
Nicholas Bellinger, target-devel, linux1394-devel, linuxppc-dev,
Stefan Richter
In-Reply-To: <alpine.LNX.2.22.394.2006161929380.8@nippy.intranet>
On 2020-06-16 02:42, Finn Thain wrote:
> Martin said, "I'd appreciate a patch to remove it"
>
> And Bart said, "do you want to keep this driver in the kernel tree?"
>
> AFAICT both comments are quite ambiguous. I don't see an actionable
> request, just an expression of interest from people doing their jobs.
>
> Note well: there is no pay check associated with having a MAINTAINERS file
> entry.
Hi Finn,
As far as I know the sbp driver only has had one user ever and that user
is no longer user the sbp driver. So why to keep it in the kernel tree?
Restoring a kernel driver can be easy - the first step is a "git revert".
Thanks,
Bart.
^ permalink raw reply
* [PATCH 2/2] powerpc/syscalls: Split SPU-ness out of ABI
From: Michael Ellerman @ 2020-06-16 13:56 UTC (permalink / raw)
To: linuxppc-dev; +Cc: linux-arch, linux-kernel, arnd
In-Reply-To: <20200616135617.2937252-1-mpe@ellerman.id.au>
Using the ABI field to encode whether a syscall is usable by SPU
programs or not is a bit of kludge.
The ABI of the syscall doesn't change depending on the SPU-ness, but
in order to make the syscall generation work we have to pretend that
it does.
It also means we have more duplicated syscall lines than we need to,
and the SPU logic is not well contained, instead all of the syscall
generation targets need to know if they are spu or nospu.
So instead add a separate file which contains the information on which
syscalls are available for SPU programs. It's just a list of syscall
numbers with a single "spu" field. If the field has the value "spu"
then the syscall is available to SPU programs, any other value or no
entry entirely means the syscall is not available to SPU programs.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/syscalls/Makefile | 16 +-
arch/powerpc/kernel/syscalls/spu.tbl | 430 +++++++++++++++++++++
arch/powerpc/kernel/syscalls/syscall.tbl | 195 ++++------
arch/powerpc/kernel/syscalls/syscalltbl.sh | 10 +-
4 files changed, 523 insertions(+), 128 deletions(-)
create mode 100644 arch/powerpc/kernel/syscalls/spu.tbl
I'm inclined to put this in next and ask Linus to pull it before rc2, that seems
like the least disruptive way to get this in, unless anyone objects?
cheers
diff --git a/arch/powerpc/kernel/syscalls/Makefile b/arch/powerpc/kernel/syscalls/Makefile
index 27b48954808d..34d39b4a83f7 100644
--- a/arch/powerpc/kernel/syscalls/Makefile
+++ b/arch/powerpc/kernel/syscalls/Makefile
@@ -6,6 +6,7 @@ _dummy := $(shell [ -d '$(uapi)' ] || mkdir -p '$(uapi)') \
$(shell [ -d '$(kapi)' ] || mkdir -p '$(kapi)')
syscall := $(srctree)/$(src)/syscall.tbl
+sputbl := $(srctree)/$(src)/spu.tbl
syshdr := $(srctree)/$(src)/syscallhdr.sh
systbl := $(srctree)/$(src)/syscalltbl.sh
@@ -19,32 +20,33 @@ quiet_cmd_systbl = SYSTBL $@
cmd_systbl = $(CONFIG_SHELL) '$(systbl)' '$<' '$@' \
'$(systbl_abis_$(basetarget))' \
'$(systbl_abi_$(basetarget))' \
- '$(systbl_offset_$(basetarget))'
+ '$(systbl_offset_$(basetarget))' \
+ $(sputbl)
-syshdr_abis_unistd_32 := common,nospu,32
+syshdr_abis_unistd_32 := common,32
$(uapi)/unistd_32.h: $(syscall) $(syshdr)
$(call if_changed,syshdr)
-syshdr_abis_unistd_64 := common,nospu,64
+syshdr_abis_unistd_64 := common,64
$(uapi)/unistd_64.h: $(syscall) $(syshdr)
$(call if_changed,syshdr)
-systbl_abis_syscall_table_32 := common,nospu,32
+systbl_abis_syscall_table_32 := common,32
systbl_abi_syscall_table_32 := 32
$(kapi)/syscall_table_32.h: $(syscall) $(systbl)
$(call if_changed,systbl)
-systbl_abis_syscall_table_64 := common,nospu,64
+systbl_abis_syscall_table_64 := common,64
systbl_abi_syscall_table_64 := 64
$(kapi)/syscall_table_64.h: $(syscall) $(systbl)
$(call if_changed,systbl)
-systbl_abis_syscall_table_c32 := common,nospu,32
+systbl_abis_syscall_table_c32 := common,32
systbl_abi_syscall_table_c32 := c32
$(kapi)/syscall_table_c32.h: $(syscall) $(systbl)
$(call if_changed,systbl)
-systbl_abis_syscall_table_spu := common,spu
+systbl_abis_syscall_table_spu := common,64
systbl_abi_syscall_table_spu := spu
$(kapi)/syscall_table_spu.h: $(syscall) $(systbl)
$(call if_changed,systbl)
diff --git a/arch/powerpc/kernel/syscalls/spu.tbl b/arch/powerpc/kernel/syscalls/spu.tbl
new file mode 100644
index 000000000000..5eac04919303
--- /dev/null
+++ b/arch/powerpc/kernel/syscalls/spu.tbl
@@ -0,0 +1,430 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# The format is:
+# <number> <name> <spu>
+#
+# To indicate a syscall can be used by SPU programs use "spu" for the spu column.
+#
+# Syscalls that are not to be used by SPU programs can be left out of the file
+# entirely, or an entry with a value other than "spu" can be added.
+0 restart_syscall -
+1 exit -
+2 fork -
+3 read spu
+4 write spu
+5 open spu
+6 close spu
+7 waitpid spu
+8 creat spu
+9 link spu
+10 unlink spu
+11 execve -
+12 chdir spu
+13 time spu
+14 mknod spu
+15 chmod spu
+16 lchown spu
+17 break -
+18 oldstat -
+19 lseek spu
+20 getpid spu
+21 mount -
+22 umount -
+23 setuid spu
+24 getuid spu
+25 stime spu
+26 ptrace -
+27 alarm spu
+28 oldfstat -
+29 pause -
+30 utime -
+31 stty -
+32 gtty -
+33 access spu
+34 nice spu
+35 ftime -
+36 sync spu
+37 kill spu
+38 rename spu
+39 mkdir spu
+40 rmdir spu
+41 dup spu
+42 pipe spu
+43 times spu
+44 prof -
+45 brk spu
+46 setgid spu
+47 getgid spu
+48 signal -
+49 geteuid spu
+50 getegid spu
+51 acct -
+52 umount2 -
+53 lock -
+54 ioctl spu
+55 fcntl spu
+56 mpx -
+57 setpgid spu
+58 ulimit -
+59 oldolduname -
+60 umask spu
+61 chroot spu
+62 ustat -
+63 dup2 spu
+64 getppid spu
+65 getpgrp spu
+66 setsid spu
+67 sigaction -
+68 sgetmask spu
+69 ssetmask spu
+70 setreuid spu
+71 setregid spu
+72 sigsuspend -
+73 sigpending -
+74 sethostname spu
+75 setrlimit spu
+76 getrlimit -
+77 getrusage spu
+78 gettimeofday spu
+79 settimeofday spu
+80 getgroups spu
+81 setgroups spu
+82 select -
+83 symlink spu
+84 oldlstat -
+85 readlink spu
+86 uselib -
+87 swapon -
+88 reboot -
+89 readdir -
+90 mmap spu
+91 munmap spu
+92 truncate spu
+93 ftruncate spu
+94 fchmod spu
+95 fchown spu
+96 getpriority spu
+97 setpriority spu
+98 profil -
+99 statfs -
+100 fstatfs -
+101 ioperm -
+102 socketcall spu
+103 syslog spu
+104 setitimer spu
+105 getitimer spu
+106 stat spu
+107 lstat spu
+108 fstat spu
+109 olduname -
+110 iopl -
+111 vhangup spu
+112 idle -
+113 vm86 -
+114 wait4 spu
+115 swapoff -
+116 sysinfo spu
+117 ipc -
+118 fsync spu
+119 sigreturn -
+120 clone -
+121 setdomainname spu
+122 uname spu
+123 modify_ldt -
+124 adjtimex spu
+125 mprotect spu
+126 sigprocmask -
+127 create_module -
+128 init_module -
+129 delete_module -
+130 get_kernel_syms -
+131 quotactl -
+132 getpgid spu
+133 fchdir spu
+134 bdflush spu
+135 sysfs spu
+136 personality spu
+137 afs_syscall -
+138 setfsuid spu
+139 setfsgid spu
+140 _llseek spu
+141 getdents spu
+142 _newselect spu
+143 flock spu
+144 msync spu
+145 readv spu
+146 writev spu
+147 getsid spu
+148 fdatasync spu
+149 _sysctl -
+150 mlock spu
+151 munlock spu
+152 mlockall spu
+153 munlockall spu
+154 sched_setparam spu
+155 sched_getparam spu
+156 sched_setscheduler spu
+157 sched_getscheduler spu
+158 sched_yield spu
+159 sched_get_priority_max spu
+160 sched_get_priority_min spu
+161 sched_rr_get_interval spu
+162 nanosleep spu
+163 mremap spu
+164 setresuid spu
+165 getresuid spu
+166 query_module -
+167 poll spu
+168 nfsservctl -
+169 setresgid spu
+170 getresgid spu
+171 prctl spu
+172 rt_sigreturn -
+173 rt_sigaction -
+174 rt_sigprocmask -
+175 rt_sigpending -
+176 rt_sigtimedwait -
+177 rt_sigqueueinfo -
+178 rt_sigsuspend -
+179 pread64 spu
+180 pwrite64 spu
+181 chown spu
+182 getcwd spu
+183 capget spu
+184 capset spu
+185 sigaltstack -
+186 sendfile spu
+187 getpmsg -
+188 putpmsg -
+189 vfork -
+190 ugetrlimit spu
+191 readahead spu
+192 mmap2 -
+193 truncate64 -
+194 ftruncate64 -
+195 stat64 -
+196 lstat64 -
+197 fstat64 -
+198 pciconfig_read -
+199 pciconfig_write -
+200 pciconfig_iobase -
+201 multiplexer -
+202 getdents64 spu
+203 pivot_root spu
+204 fcntl64 -
+205 madvise spu
+206 mincore spu
+207 gettid spu
+208 tkill spu
+209 setxattr spu
+210 lsetxattr spu
+211 fsetxattr spu
+212 getxattr spu
+213 lgetxattr spu
+214 fgetxattr spu
+215 listxattr spu
+216 llistxattr spu
+217 flistxattr spu
+218 removexattr spu
+219 lremovexattr spu
+220 fremovexattr spu
+221 futex spu
+222 sched_setaffinity spu
+223 sched_getaffinity spu
+225 tuxcall -
+226 sendfile64 -
+227 io_setup spu
+228 io_destroy spu
+229 io_getevents spu
+230 io_submit spu
+231 io_cancel spu
+232 set_tid_address -
+233 fadvise64 spu
+234 exit_group -
+235 lookup_dcookie -
+236 epoll_create spu
+237 epoll_ctl spu
+238 epoll_wait spu
+239 remap_file_pages spu
+240 timer_create spu
+241 timer_settime spu
+242 timer_gettime spu
+243 timer_getoverrun spu
+244 timer_delete spu
+245 clock_settime spu
+246 clock_gettime spu
+247 clock_getres spu
+248 clock_nanosleep spu
+249 swapcontext -
+250 tgkill spu
+251 utimes spu
+252 statfs64 spu
+253 fstatfs64 spu
+254 fadvise64_64 -
+255 rtas spu
+256 sys_debug_setcontext -
+258 migrate_pages -
+259 mbind -
+260 get_mempolicy -
+261 set_mempolicy -
+262 mq_open -
+263 mq_unlink -
+264 mq_timedsend -
+265 mq_timedreceive -
+266 mq_notify -
+267 mq_getsetattr -
+268 kexec_load -
+269 add_key -
+270 request_key -
+271 keyctl -
+272 waitid -
+273 ioprio_set -
+274 ioprio_get -
+275 inotify_init -
+276 inotify_add_watch -
+277 inotify_rm_watch -
+278 spu_run -
+279 spu_create -
+280 pselect6 -
+281 ppoll -
+282 unshare spu
+283 splice spu
+284 tee spu
+285 vmsplice spu
+286 openat spu
+287 mkdirat spu
+288 mknodat spu
+289 fchownat spu
+290 futimesat spu
+291 newfstatat spu
+292 unlinkat spu
+293 renameat spu
+294 linkat spu
+295 symlinkat spu
+296 readlinkat spu
+297 fchmodat spu
+298 faccessat spu
+299 get_robust_list spu
+300 set_robust_list spu
+301 move_pages spu
+302 getcpu spu
+303 epoll_pwait -
+304 utimensat spu
+305 signalfd spu
+306 timerfd_create spu
+307 eventfd spu
+308 sync_file_range2 spu
+309 fallocate -
+310 subpage_prot -
+311 timerfd_settime spu
+312 timerfd_gettime spu
+313 signalfd4 spu
+314 eventfd2 spu
+315 epoll_create1 spu
+316 dup3 spu
+317 pipe2 spu
+318 inotify_init1 -
+319 perf_event_open spu
+320 preadv spu
+321 pwritev spu
+322 rt_tgsigqueueinfo -
+323 fanotify_init -
+324 fanotify_mark -
+325 prlimit64 spu
+326 socket spu
+327 bind spu
+328 connect spu
+329 listen spu
+330 accept spu
+331 getsockname spu
+332 getpeername spu
+333 socketpair spu
+334 send spu
+335 sendto spu
+336 recv spu
+337 recvfrom spu
+338 shutdown spu
+339 setsockopt spu
+340 getsockopt spu
+341 sendmsg spu
+342 recvmsg spu
+343 recvmmsg spu
+344 accept4 spu
+345 name_to_handle_at spu
+346 open_by_handle_at spu
+347 clock_adjtime spu
+348 syncfs spu
+349 sendmmsg spu
+350 setns spu
+351 process_vm_readv -
+352 process_vm_writev -
+353 finit_module -
+354 kcmp -
+355 sched_setattr spu
+356 sched_getattr spu
+357 renameat2 spu
+358 seccomp spu
+359 getrandom spu
+360 memfd_create spu
+361 bpf spu
+362 execveat -
+363 switch_endian -
+364 userfaultfd spu
+365 membarrier spu
+378 mlock2 -
+379 copy_file_range -
+380 preadv2 spu
+381 pwritev2 spu
+382 kexec_file_load -
+383 statx -
+384 pkey_alloc -
+385 pkey_free -
+386 pkey_mprotect -
+387 rseq -
+388 io_pgetevents -
+392 semtimedop -
+393 semget spu
+394 semctl spu
+395 shmget spu
+396 shmctl spu
+397 shmat spu
+398 shmdt spu
+399 msgget spu
+400 msgsnd spu
+401 msgrcv spu
+402 msgctl spu
+403 clock_gettime64 -
+404 clock_settime64 -
+405 clock_adjtime64 -
+406 clock_getres_time64 -
+407 clock_nanosleep_time64 -
+408 timer_gettime64 -
+409 timer_settime64 -
+410 timerfd_gettime64 -
+411 timerfd_settime64 -
+412 utimensat_time64 -
+413 pselect6_time64 -
+414 ppoll_time64 -
+416 io_pgetevents_time64 -
+417 recvmmsg_time64 -
+418 mq_timedsend_time64 -
+419 mq_timedreceive_time64 -
+420 semtimedop_time64 -
+421 rt_sigtimedwait_time64 -
+422 futex_time64 -
+423 sched_rr_get_interval_time64 -
+424 pidfd_send_signal spu
+425 io_uring_setup spu
+426 io_uring_enter spu
+427 io_uring_register spu
+428 open_tree spu
+429 move_mount spu
+430 fsopen spu
+431 fsconfig spu
+432 fsmount spu
+433 fspick spu
+434 pidfd_open spu
+435 clone3 -
+437 openat2 spu
+438 pidfd_getfd spu
+439 faccessat2 spu
diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
index f833a3190822..c0cdaacd770e 100644
--- a/arch/powerpc/kernel/syscalls/syscall.tbl
+++ b/arch/powerpc/kernel/syscalls/syscall.tbl
@@ -5,13 +5,12 @@
# The format is:
# <number> <abi> <name> <entry point> <compat entry point>
#
-# The <abi> can be common, spu, nospu, 64, or 32 for this file.
+# The <abi> can be common, 64, or 32 for this file.
#
-0 nospu restart_syscall sys_restart_syscall
-1 nospu exit sys_exit
+0 common restart_syscall sys_restart_syscall
+1 common exit sys_exit
2 32 fork ppc_fork sys_fork
2 64 fork sys_fork
-2 spu fork sys_ni_syscall
3 common read sys_read
4 common write sys_write
5 common open sys_open compat_sys_open
@@ -20,35 +19,30 @@
8 common creat sys_creat
9 common link sys_link
10 common unlink sys_unlink
-11 nospu execve sys_execve compat_sys_execve
+11 common execve sys_execve compat_sys_execve
12 common chdir sys_chdir
13 32 time sys_time32
13 64 time sys_time
-13 spu time sys_time
14 common mknod sys_mknod
15 common chmod sys_chmod
16 common lchown sys_lchown
17 common break sys_ni_syscall
18 32 oldstat sys_stat sys_ni_syscall
18 64 oldstat sys_ni_syscall
-18 spu oldstat sys_ni_syscall
19 common lseek sys_lseek compat_sys_lseek
20 common getpid sys_getpid
-21 nospu mount sys_mount compat_sys_mount
+21 common mount sys_mount compat_sys_mount
22 32 umount sys_oldumount
22 64 umount sys_ni_syscall
-22 spu umount sys_ni_syscall
23 common setuid sys_setuid
24 common getuid sys_getuid
25 32 stime sys_stime32
25 64 stime sys_stime
-25 spu stime sys_stime
-26 nospu ptrace sys_ptrace compat_sys_ptrace
+26 common ptrace sys_ptrace compat_sys_ptrace
27 common alarm sys_alarm
28 32 oldfstat sys_fstat sys_ni_syscall
28 64 oldfstat sys_ni_syscall
-28 spu oldfstat sys_ni_syscall
-29 nospu pause sys_pause
+29 common pause sys_pause
30 32 utime sys_utime32
30 64 utime sys_utime
31 common stty sys_ni_syscall
@@ -68,11 +62,11 @@
45 common brk sys_brk
46 common setgid sys_setgid
47 common getgid sys_getgid
-48 nospu signal sys_signal
+48 common signal sys_signal
49 common geteuid sys_geteuid
50 common getegid sys_getegid
-51 nospu acct sys_acct
-52 nospu umount2 sys_umount
+51 common acct sys_acct
+52 common umount2 sys_umount
53 common lock sys_ni_syscall
54 common ioctl sys_ioctl compat_sys_ioctl
55 common fcntl sys_fcntl compat_sys_fcntl
@@ -81,32 +75,27 @@
58 common ulimit sys_ni_syscall
59 32 oldolduname sys_olduname
59 64 oldolduname sys_ni_syscall
-59 spu oldolduname sys_ni_syscall
60 common umask sys_umask
61 common chroot sys_chroot
-62 nospu ustat sys_ustat compat_sys_ustat
+62 common ustat sys_ustat compat_sys_ustat
63 common dup2 sys_dup2
64 common getppid sys_getppid
65 common getpgrp sys_getpgrp
66 common setsid sys_setsid
67 32 sigaction sys_sigaction compat_sys_sigaction
67 64 sigaction sys_ni_syscall
-67 spu sigaction sys_ni_syscall
68 common sgetmask sys_sgetmask
69 common ssetmask sys_ssetmask
70 common setreuid sys_setreuid
71 common setregid sys_setregid
72 32 sigsuspend sys_sigsuspend
72 64 sigsuspend sys_ni_syscall
-72 spu sigsuspend sys_ni_syscall
73 32 sigpending sys_sigpending compat_sys_sigpending
73 64 sigpending sys_ni_syscall
-73 spu sigpending sys_ni_syscall
74 common sethostname sys_sethostname
75 common setrlimit sys_setrlimit compat_sys_setrlimit
76 32 getrlimit sys_old_getrlimit compat_sys_old_getrlimit
76 64 getrlimit sys_ni_syscall
-76 spu getrlimit sys_ni_syscall
77 common getrusage sys_getrusage compat_sys_getrusage
78 common gettimeofday sys_gettimeofday compat_sys_gettimeofday
79 common settimeofday sys_settimeofday compat_sys_settimeofday
@@ -114,18 +103,15 @@
81 common setgroups sys_setgroups
82 32 select ppc_select sys_ni_syscall
82 64 select sys_ni_syscall
-82 spu select sys_ni_syscall
83 common symlink sys_symlink
84 32 oldlstat sys_lstat sys_ni_syscall
84 64 oldlstat sys_ni_syscall
-84 spu oldlstat sys_ni_syscall
85 common readlink sys_readlink
-86 nospu uselib sys_uselib
-87 nospu swapon sys_swapon
-88 nospu reboot sys_reboot
+86 common uselib sys_uselib
+87 common swapon sys_swapon
+88 common reboot sys_reboot
89 32 readdir sys_old_readdir compat_sys_old_readdir
89 64 readdir sys_ni_syscall
-89 spu readdir sys_ni_syscall
90 common mmap sys_mmap
91 common munmap sys_munmap
92 common truncate sys_truncate compat_sys_truncate
@@ -135,8 +121,8 @@
96 common getpriority sys_getpriority
97 common setpriority sys_setpriority
98 common profil sys_ni_syscall
-99 nospu statfs sys_statfs compat_sys_statfs
-100 nospu fstatfs sys_fstatfs compat_sys_fstatfs
+99 common statfs sys_statfs compat_sys_statfs
+100 common fstatfs sys_fstatfs compat_sys_fstatfs
101 common ioperm sys_ni_syscall
102 common socketcall sys_socketcall compat_sys_socketcall
103 common syslog sys_syslog
@@ -147,44 +133,38 @@
108 common fstat sys_newfstat compat_sys_newfstat
109 32 olduname sys_uname
109 64 olduname sys_ni_syscall
-109 spu olduname sys_ni_syscall
110 common iopl sys_ni_syscall
111 common vhangup sys_vhangup
112 common idle sys_ni_syscall
113 common vm86 sys_ni_syscall
114 common wait4 sys_wait4 compat_sys_wait4
-115 nospu swapoff sys_swapoff
+115 common swapoff sys_swapoff
116 common sysinfo sys_sysinfo compat_sys_sysinfo
-117 nospu ipc sys_ipc compat_sys_ipc
+117 common ipc sys_ipc compat_sys_ipc
118 common fsync sys_fsync
119 32 sigreturn sys_sigreturn compat_sys_sigreturn
119 64 sigreturn sys_ni_syscall
-119 spu sigreturn sys_ni_syscall
120 32 clone ppc_clone sys_clone
120 64 clone sys_clone
-120 spu clone sys_ni_syscall
121 common setdomainname sys_setdomainname
122 common uname sys_newuname
123 common modify_ldt sys_ni_syscall
124 32 adjtimex sys_adjtimex_time32
124 64 adjtimex sys_adjtimex
-124 spu adjtimex sys_adjtimex
125 common mprotect sys_mprotect
126 32 sigprocmask sys_sigprocmask compat_sys_sigprocmask
126 64 sigprocmask sys_ni_syscall
-126 spu sigprocmask sys_ni_syscall
127 common create_module sys_ni_syscall
-128 nospu init_module sys_init_module
-129 nospu delete_module sys_delete_module
+128 common init_module sys_init_module
+129 common delete_module sys_delete_module
130 common get_kernel_syms sys_ni_syscall
-131 nospu quotactl sys_quotactl
+131 common quotactl sys_quotactl
132 common getpgid sys_getpgid
133 common fchdir sys_fchdir
134 common bdflush sys_bdflush
135 common sysfs sys_sysfs
136 32 personality sys_personality ppc64_personality
136 64 personality ppc64_personality
-136 spu personality ppc64_personality
137 common afs_syscall sys_ni_syscall
138 common setfsuid sys_setfsuid
139 common setfsgid sys_setfsgid
@@ -197,7 +177,7 @@
146 common writev sys_writev compat_sys_writev
147 common getsid sys_getsid
148 common fdatasync sys_fdatasync
-149 nospu _sysctl sys_sysctl compat_sys_sysctl
+149 common _sysctl sys_sysctl compat_sys_sysctl
150 common mlock sys_mlock
151 common munlock sys_munlock
152 common mlockall sys_mlockall
@@ -211,10 +191,8 @@
160 common sched_get_priority_min sys_sched_get_priority_min
161 32 sched_rr_get_interval sys_sched_rr_get_interval_time32
161 64 sched_rr_get_interval sys_sched_rr_get_interval
-161 spu sched_rr_get_interval sys_sched_rr_get_interval
162 32 nanosleep sys_nanosleep_time32
162 64 nanosleep sys_nanosleep
-162 spu nanosleep sys_nanosleep
163 common mremap sys_mremap
164 common setresuid sys_setresuid
165 common getresuid sys_getresuid
@@ -224,29 +202,27 @@
169 common setresgid sys_setresgid
170 common getresgid sys_getresgid
171 common prctl sys_prctl
-172 nospu rt_sigreturn sys_rt_sigreturn compat_sys_rt_sigreturn
-173 nospu rt_sigaction sys_rt_sigaction compat_sys_rt_sigaction
-174 nospu rt_sigprocmask sys_rt_sigprocmask compat_sys_rt_sigprocmask
-175 nospu rt_sigpending sys_rt_sigpending compat_sys_rt_sigpending
+172 common rt_sigreturn sys_rt_sigreturn compat_sys_rt_sigreturn
+173 common rt_sigaction sys_rt_sigaction compat_sys_rt_sigaction
+174 common rt_sigprocmask sys_rt_sigprocmask compat_sys_rt_sigprocmask
+175 common rt_sigpending sys_rt_sigpending compat_sys_rt_sigpending
176 32 rt_sigtimedwait sys_rt_sigtimedwait_time32 compat_sys_rt_sigtimedwait_time32
176 64 rt_sigtimedwait sys_rt_sigtimedwait
-177 nospu rt_sigqueueinfo sys_rt_sigqueueinfo compat_sys_rt_sigqueueinfo
-178 nospu rt_sigsuspend sys_rt_sigsuspend compat_sys_rt_sigsuspend
+177 common rt_sigqueueinfo sys_rt_sigqueueinfo compat_sys_rt_sigqueueinfo
+178 common rt_sigsuspend sys_rt_sigsuspend compat_sys_rt_sigsuspend
179 common pread64 sys_pread64 compat_sys_pread64
180 common pwrite64 sys_pwrite64 compat_sys_pwrite64
181 common chown sys_chown
182 common getcwd sys_getcwd
183 common capget sys_capget
184 common capset sys_capset
-185 nospu sigaltstack sys_sigaltstack compat_sys_sigaltstack
+185 common sigaltstack sys_sigaltstack compat_sys_sigaltstack
186 32 sendfile sys_sendfile compat_sys_sendfile
186 64 sendfile sys_sendfile64
-186 spu sendfile sys_sendfile64
187 common getpmsg sys_ni_syscall
188 common putpmsg sys_ni_syscall
189 32 vfork ppc_vfork sys_vfork
189 64 vfork sys_vfork
-189 spu vfork sys_ni_syscall
190 common ugetrlimit sys_getrlimit compat_sys_getrlimit
191 common readahead sys_readahead compat_sys_readahead
192 32 mmap2 sys_mmap2 compat_sys_mmap2
@@ -255,9 +231,9 @@
195 32 stat64 sys_stat64
196 32 lstat64 sys_lstat64
197 32 fstat64 sys_fstat64
-198 nospu pciconfig_read sys_pciconfig_read
-199 nospu pciconfig_write sys_pciconfig_write
-200 nospu pciconfig_iobase sys_pciconfig_iobase
+198 common pciconfig_read sys_pciconfig_read
+199 common pciconfig_write sys_pciconfig_write
+200 common pciconfig_iobase sys_pciconfig_iobase
201 common multiplexer sys_ni_syscall
202 common getdents64 sys_getdents64
203 common pivot_root sys_pivot_root
@@ -280,7 +256,6 @@
220 common fremovexattr sys_fremovexattr
221 32 futex sys_futex_time32
221 64 futex sys_futex
-221 spu futex sys_futex
222 common sched_setaffinity sys_sched_setaffinity compat_sys_sched_setaffinity
223 common sched_getaffinity sys_sched_getaffinity compat_sys_sched_getaffinity
# 224 unused
@@ -290,13 +265,12 @@
228 common io_destroy sys_io_destroy
229 32 io_getevents sys_io_getevents_time32
229 64 io_getevents sys_io_getevents
-229 spu io_getevents sys_io_getevents
230 common io_submit sys_io_submit compat_sys_io_submit
231 common io_cancel sys_io_cancel
-232 nospu set_tid_address sys_set_tid_address
+232 common set_tid_address sys_set_tid_address
233 common fadvise64 sys_fadvise64 ppc32_fadvise64
-234 nospu exit_group sys_exit_group
-235 nospu lookup_dcookie sys_lookup_dcookie compat_sys_lookup_dcookie
+234 common exit_group sys_exit_group
+235 common lookup_dcookie sys_lookup_dcookie compat_sys_lookup_dcookie
236 common epoll_create sys_epoll_create
237 common epoll_ctl sys_epoll_ctl
238 common epoll_wait sys_epoll_wait
@@ -304,64 +278,54 @@
240 common timer_create sys_timer_create compat_sys_timer_create
241 32 timer_settime sys_timer_settime32
241 64 timer_settime sys_timer_settime
-241 spu timer_settime sys_timer_settime
242 32 timer_gettime sys_timer_gettime32
242 64 timer_gettime sys_timer_gettime
-242 spu timer_gettime sys_timer_gettime
243 common timer_getoverrun sys_timer_getoverrun
244 common timer_delete sys_timer_delete
245 32 clock_settime sys_clock_settime32
245 64 clock_settime sys_clock_settime
-245 spu clock_settime sys_clock_settime
246 32 clock_gettime sys_clock_gettime32
246 64 clock_gettime sys_clock_gettime
-246 spu clock_gettime sys_clock_gettime
247 32 clock_getres sys_clock_getres_time32
247 64 clock_getres sys_clock_getres
-247 spu clock_getres sys_clock_getres
248 32 clock_nanosleep sys_clock_nanosleep_time32
248 64 clock_nanosleep sys_clock_nanosleep
-248 spu clock_nanosleep sys_clock_nanosleep
249 32 swapcontext ppc_swapcontext compat_sys_swapcontext
249 64 swapcontext sys_swapcontext
-249 spu swapcontext sys_ni_syscall
250 common tgkill sys_tgkill
251 32 utimes sys_utimes_time32
251 64 utimes sys_utimes
-251 spu utimes sys_utimes
252 common statfs64 sys_statfs64 compat_sys_statfs64
253 common fstatfs64 sys_fstatfs64 compat_sys_fstatfs64
254 32 fadvise64_64 ppc_fadvise64_64
-254 spu fadvise64_64 sys_ni_syscall
255 common rtas sys_rtas
256 32 sys_debug_setcontext sys_debug_setcontext sys_ni_syscall
256 64 sys_debug_setcontext sys_ni_syscall
-256 spu sys_debug_setcontext sys_ni_syscall
# 257 reserved for vserver
-258 nospu migrate_pages sys_migrate_pages compat_sys_migrate_pages
-259 nospu mbind sys_mbind compat_sys_mbind
-260 nospu get_mempolicy sys_get_mempolicy compat_sys_get_mempolicy
-261 nospu set_mempolicy sys_set_mempolicy compat_sys_set_mempolicy
-262 nospu mq_open sys_mq_open compat_sys_mq_open
-263 nospu mq_unlink sys_mq_unlink
+258 common migrate_pages sys_migrate_pages compat_sys_migrate_pages
+259 common mbind sys_mbind compat_sys_mbind
+260 common get_mempolicy sys_get_mempolicy compat_sys_get_mempolicy
+261 common set_mempolicy sys_set_mempolicy compat_sys_set_mempolicy
+262 common mq_open sys_mq_open compat_sys_mq_open
+263 common mq_unlink sys_mq_unlink
264 32 mq_timedsend sys_mq_timedsend_time32
264 64 mq_timedsend sys_mq_timedsend
265 32 mq_timedreceive sys_mq_timedreceive_time32
265 64 mq_timedreceive sys_mq_timedreceive
-266 nospu mq_notify sys_mq_notify compat_sys_mq_notify
-267 nospu mq_getsetattr sys_mq_getsetattr compat_sys_mq_getsetattr
-268 nospu kexec_load sys_kexec_load compat_sys_kexec_load
-269 nospu add_key sys_add_key
-270 nospu request_key sys_request_key
-271 nospu keyctl sys_keyctl compat_sys_keyctl
-272 nospu waitid sys_waitid compat_sys_waitid
-273 nospu ioprio_set sys_ioprio_set
-274 nospu ioprio_get sys_ioprio_get
-275 nospu inotify_init sys_inotify_init
-276 nospu inotify_add_watch sys_inotify_add_watch
-277 nospu inotify_rm_watch sys_inotify_rm_watch
-278 nospu spu_run sys_spu_run
-279 nospu spu_create sys_spu_create
+266 common mq_notify sys_mq_notify compat_sys_mq_notify
+267 common mq_getsetattr sys_mq_getsetattr compat_sys_mq_getsetattr
+268 common kexec_load sys_kexec_load compat_sys_kexec_load
+269 common add_key sys_add_key
+270 common request_key sys_request_key
+271 common keyctl sys_keyctl compat_sys_keyctl
+272 common waitid sys_waitid compat_sys_waitid
+273 common ioprio_set sys_ioprio_set
+274 common ioprio_get sys_ioprio_get
+275 common inotify_init sys_inotify_init
+276 common inotify_add_watch sys_inotify_add_watch
+277 common inotify_rm_watch sys_inotify_rm_watch
+278 common spu_run sys_spu_run
+279 common spu_create sys_spu_create
280 32 pselect6 sys_pselect6_time32 compat_sys_pselect6_time32
280 64 pselect6 sys_pselect6
281 32 ppoll sys_ppoll_time32 compat_sys_ppoll_time32
@@ -376,10 +340,8 @@
289 common fchownat sys_fchownat
290 32 futimesat sys_futimesat_time32
290 64 futimesat sys_futimesat
-290 spu utimesat sys_futimesat
291 32 fstatat64 sys_fstatat64
291 64 newfstatat sys_newfstatat
-291 spu newfstatat sys_newfstatat
292 common unlinkat sys_unlinkat
293 common renameat sys_renameat
294 common linkat sys_linkat
@@ -391,34 +353,31 @@
300 common set_robust_list sys_set_robust_list compat_sys_set_robust_list
301 common move_pages sys_move_pages compat_sys_move_pages
302 common getcpu sys_getcpu
-303 nospu epoll_pwait sys_epoll_pwait compat_sys_epoll_pwait
+303 common epoll_pwait sys_epoll_pwait compat_sys_epoll_pwait
304 32 utimensat sys_utimensat_time32
304 64 utimensat sys_utimensat
-304 spu utimensat sys_utimensat
305 common signalfd sys_signalfd compat_sys_signalfd
306 common timerfd_create sys_timerfd_create
307 common eventfd sys_eventfd
308 common sync_file_range2 sys_sync_file_range2 compat_sys_sync_file_range2
-309 nospu fallocate sys_fallocate compat_sys_fallocate
-310 nospu subpage_prot sys_subpage_prot
+309 common fallocate sys_fallocate compat_sys_fallocate
+310 common subpage_prot sys_subpage_prot
311 32 timerfd_settime sys_timerfd_settime32
311 64 timerfd_settime sys_timerfd_settime
-311 spu timerfd_settime sys_timerfd_settime
312 32 timerfd_gettime sys_timerfd_gettime32
312 64 timerfd_gettime sys_timerfd_gettime
-312 spu timerfd_gettime sys_timerfd_gettime
313 common signalfd4 sys_signalfd4 compat_sys_signalfd4
314 common eventfd2 sys_eventfd2
315 common epoll_create1 sys_epoll_create1
316 common dup3 sys_dup3
317 common pipe2 sys_pipe2
-318 nospu inotify_init1 sys_inotify_init1
+318 common inotify_init1 sys_inotify_init1
319 common perf_event_open sys_perf_event_open
320 common preadv sys_preadv compat_sys_preadv
321 common pwritev sys_pwritev compat_sys_pwritev
-322 nospu rt_tgsigqueueinfo sys_rt_tgsigqueueinfo compat_sys_rt_tgsigqueueinfo
-323 nospu fanotify_init sys_fanotify_init
-324 nospu fanotify_mark sys_fanotify_mark compat_sys_fanotify_mark
+322 common rt_tgsigqueueinfo sys_rt_tgsigqueueinfo compat_sys_rt_tgsigqueueinfo
+323 common fanotify_init sys_fanotify_init
+324 common fanotify_mark sys_fanotify_mark compat_sys_fanotify_mark
325 common prlimit64 sys_prlimit64
326 common socket sys_socket
327 common bind sys_bind
@@ -439,20 +398,18 @@
342 common recvmsg sys_recvmsg compat_sys_recvmsg
343 32 recvmmsg sys_recvmmsg_time32 compat_sys_recvmmsg_time32
343 64 recvmmsg sys_recvmmsg
-343 spu recvmmsg sys_recvmmsg
344 common accept4 sys_accept4
345 common name_to_handle_at sys_name_to_handle_at
346 common open_by_handle_at sys_open_by_handle_at compat_sys_open_by_handle_at
347 32 clock_adjtime sys_clock_adjtime32
347 64 clock_adjtime sys_clock_adjtime
-347 spu clock_adjtime sys_clock_adjtime
348 common syncfs sys_syncfs
349 common sendmmsg sys_sendmmsg compat_sys_sendmmsg
350 common setns sys_setns
-351 nospu process_vm_readv sys_process_vm_readv compat_sys_process_vm_readv
-352 nospu process_vm_writev sys_process_vm_writev compat_sys_process_vm_writev
-353 nospu finit_module sys_finit_module
-354 nospu kcmp sys_kcmp
+351 common process_vm_readv sys_process_vm_readv compat_sys_process_vm_readv
+352 common process_vm_writev sys_process_vm_writev compat_sys_process_vm_writev
+353 common finit_module sys_finit_module
+354 common kcmp sys_kcmp
355 common sched_setattr sys_sched_setattr
356 common sched_getattr sys_sched_getattr
357 common renameat2 sys_renameat2
@@ -460,23 +417,22 @@
359 common getrandom sys_getrandom
360 common memfd_create sys_memfd_create
361 common bpf sys_bpf
-362 nospu execveat sys_execveat compat_sys_execveat
+362 common execveat sys_execveat compat_sys_execveat
363 32 switch_endian sys_ni_syscall
363 64 switch_endian sys_switch_endian
-363 spu switch_endian sys_ni_syscall
364 common userfaultfd sys_userfaultfd
365 common membarrier sys_membarrier
# 366-377 originally left for IPC, now unused
-378 nospu mlock2 sys_mlock2
-379 nospu copy_file_range sys_copy_file_range
+378 common mlock2 sys_mlock2
+379 common copy_file_range sys_copy_file_range
380 common preadv2 sys_preadv2 compat_sys_preadv2
381 common pwritev2 sys_pwritev2 compat_sys_pwritev2
-382 nospu kexec_file_load sys_kexec_file_load
-383 nospu statx sys_statx
-384 nospu pkey_alloc sys_pkey_alloc
-385 nospu pkey_free sys_pkey_free
-386 nospu pkey_mprotect sys_pkey_mprotect
-387 nospu rseq sys_rseq
+382 common kexec_file_load sys_kexec_file_load
+383 common statx sys_statx
+384 common pkey_alloc sys_pkey_alloc
+385 common pkey_free sys_pkey_free
+386 common pkey_mprotect sys_pkey_mprotect
+387 common rseq sys_rseq
388 32 io_pgetevents sys_io_pgetevents_time32 compat_sys_io_pgetevents
388 64 io_pgetevents sys_io_pgetevents
# room for arch specific syscalls
@@ -524,7 +480,6 @@
434 common pidfd_open sys_pidfd_open
435 32 clone3 ppc_clone3 sys_clone3
435 64 clone3 sys_clone3
-435 spu clone3 sys_ni_syscall
437 common openat2 sys_openat2
438 common pidfd_getfd sys_pidfd_getfd
439 common faccessat2 sys_faccessat2
diff --git a/arch/powerpc/kernel/syscalls/syscalltbl.sh b/arch/powerpc/kernel/syscalls/syscalltbl.sh
index f7393a7b18aa..1a760242620c 100644
--- a/arch/powerpc/kernel/syscalls/syscalltbl.sh
+++ b/arch/powerpc/kernel/syscalls/syscalltbl.sh
@@ -6,6 +6,7 @@ out="$2"
my_abis=`echo "($3)" | tr ',' '|'`
my_abi="$4"
offset="$5"
+spu_table="$6"
emit() {
t_nxt="$1"
@@ -28,9 +29,16 @@ grep -E "^[0-9A-Fa-fXx]+[[:space:]]+${my_abis}" "$in" | sort -n | (
while read nr abi name entry compat ; do
if [ "$my_abi" = "c32" ] && [ ! -z "$compat" ]; then
emit $((nxt+offset)) $((nr+offset)) $compat
+ nxt=$((nr+1))
+ elif [ "$my_abi" = "spu" ]; then
+ grep -E "^$nr[[:space:]]+$name[[:space:]]+spu[[:space:]]*$" "$spu_table" > /dev/null
+ if [ $? -eq 0 ]; then
+ emit $((nxt+offset)) $((nr+offset)) $entry
+ nxt=$((nr+1))
+ fi
else
emit $((nxt+offset)) $((nr+offset)) $entry
+ nxt=$((nr+1))
fi
- nxt=$((nr+1))
done
) > "$out"
--
2.25.1
^ permalink raw reply related
* [PATCH 1/2] powerpc/syscalls: Use the number when building SPU syscall table
From: Michael Ellerman @ 2020-06-16 13:56 UTC (permalink / raw)
To: linuxppc-dev; +Cc: linux-arch, linux-kernel, arnd
Currently the macro that inserts entries into the SPU syscall table
doesn't actually use the "nr" (syscall number) parameter.
This does work, but it relies on the exact right number of syscall
entries being emitted in order for the syscal numbers to line up with
the array entries. If for example we had two entries with the same
syscall number we wouldn't get an error, it would just cause all
subsequent syscalls to be off by one in the spu_syscall_table.
So instead change the macro to assign to the specific entry of the
array, meaning any numbering overlap will be caught by the compiler.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20190116132714.20094-1-mpe@ellerman.id.au
---
arch/powerpc/platforms/cell/spu_callbacks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/cell/spu_callbacks.c b/arch/powerpc/platforms/cell/spu_callbacks.c
index cbee3666da07..abdef9bcf432 100644
--- a/arch/powerpc/platforms/cell/spu_callbacks.c
+++ b/arch/powerpc/platforms/cell/spu_callbacks.c
@@ -35,7 +35,7 @@
*/
static void *spu_syscall_table[] = {
-#define __SYSCALL(nr, entry) entry,
+#define __SYSCALL(nr, entry) [nr] = entry,
#include <asm/syscall_table_spu.h>
#undef __SYSCALL
};
--
2.25.1
^ permalink raw reply related
* Re: [PATCH v4 1/3] mm/slab: Use memzero_explicit() in kzfree()
From: Waiman Long @ 2020-06-16 13:05 UTC (permalink / raw)
To: Eric Biggers
Cc: Jason A . Donenfeld, Michal Hocko, linux-btrfs, Jarkko Sakkinen,
David Sterba, David Howells, linux-mm, linux-sctp, keyrings,
kasan-dev, linux-stm32, devel, linux-cifs, linux-scsi,
James Morris, Matthew Wilcox, linux-wpan, David Rientjes,
Dan Carpenter, Serge E. Hallyn, linux-pm, ecryptfs, linux-fscrypt,
linux-mediatek, linux-amlogic, virtualization, linux-integrity,
linux-nfs, linuxppc-dev, linux-wireless, linux-kernel, stable,
linux-bluetooth, linux-security-module, target-devel,
tipc-discussion, linux-crypto, Johannes Weiner, Joe Perches,
Andrew Morton, Linus Torvalds, netdev, wireguard, linux-ppp
In-Reply-To: <20200616033035.GB902@sol.localdomain>
On 6/15/20 11:30 PM, Eric Biggers wrote:
> On Mon, Jun 15, 2020 at 09:57:16PM -0400, Waiman Long wrote:
>> The kzfree() function is normally used to clear some sensitive
>> information, like encryption keys, in the buffer before freeing it back
>> to the pool. Memset() is currently used for the buffer clearing. However,
>> it is entirely possible that the compiler may choose to optimize away the
>> memory clearing especially if LTO is being used. To make sure that this
>> optimization will not happen, memzero_explicit(), which is introduced
>> in v3.18, is now used in kzfree() to do the clearing.
>>
>> Fixes: 3ef0e5ba4673 ("slab: introduce kzfree()")
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Waiman Long <longman@redhat.com>
>> ---
>> mm/slab_common.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/slab_common.c b/mm/slab_common.c
>> index 9e72ba224175..37d48a56431d 100644
>> --- a/mm/slab_common.c
>> +++ b/mm/slab_common.c
>> @@ -1726,7 +1726,7 @@ void kzfree(const void *p)
>> if (unlikely(ZERO_OR_NULL_PTR(mem)))
>> return;
>> ks = ksize(mem);
>> - memset(mem, 0, ks);
>> + memzero_explicit(mem, ks);
>> kfree(mem);
>> }
>> EXPORT_SYMBOL(kzfree);
> This is a good change, but the commit message isn't really accurate. AFAIK, no
> one has found any case where this memset() gets optimized out. And even with
> LTO, it would be virtually impossible due to all the synchronization and global
> data structures that kfree() uses. (Remember that this isn't the C standard
> function "free()", so the compiler can't assign it any special meaning.)
> Not to mention that LTO support isn't actually upstream yet.
>
> I still agree with the change, but it might be helpful if the commit message
> were honest that this is really a hardening measure and about properly conveying
> the intent. As-is this sounds like a critical fix, which might confuse people.
Yes, I agree that the commit log may look a bit scary. How about the
following:
The kzfree() function is normally used to clear some sensitive
information, like encryption keys, in the buffer before freeing it back
to the pool. Memset() is currently used for buffer clearing. However
unlikely, there is still a non-zero probability that the compiler may
choose to optimize away the memory clearing especially if LTO is being
used in the future. To make sure that this optimization will never
happen, memzero_explicit(), which is introduced in v3.18, is now used
in kzfree() to future-proof it.
Cheers,
Longman
^ permalink raw reply
* Re: powerpc/pci: [PATCH 1/1 V3] PCIE PHB reset
From: Michael Ellerman @ 2020-06-16 11:56 UTC (permalink / raw)
To: wenxiong, linuxppc-dev; +Cc: brking, oohall, Wen Xiong, wenxiong
In-Reply-To: <1590499319-6472-1-git-send-email-wenxiong@linux.vnet.ibm.com>
wenxiong@linux.vnet.ibm.com writes:
> From: Wen Xiong <wenxiong@linux.vnet.ibm.com>
>
> Several device drivers hit EEH(Extended Error handling) when triggering
> kdump on Pseries PowerVM. This patch implemented a reset of the PHBs
> in pci general code when triggering kdump.
Actually it's in pseries specific PCI code, and the reset is done in the
2nd kernel as it boots, not when triggering the kdump.
You're doing it as a:
machine_postcore_initcall(pseries, pseries_phb_reset);
But we do the EEH initialisation in:
core_initcall_sync(eeh_init);
Which happens first.
So it seems to me that this should be called from pseries_eeh_init().
That would isolate the code in the right place, and allow you to use the
existing ibm_get_config_addr_info.
You probably can't use pseries_eeh_get_pe_addr(), because you won't have
a "pe" structure yet.
Instead you should add a helper that does the core of that logic but
accepts config_addr/buid as parameters, and then have your code and
pseries_eeh_get_pe_addr() call that.
> PHB reset stop all PCI
> transactions from normal kernel. We have tested the patch in several
> enviroments:
> - direct slot adapters
> - adapters under the switch
> - a VF adapter in PowerVM
> - a VF adapter/adapter in KVM guest.
>
> Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
>
> ---
> arch/powerpc/platforms/pseries/pci.c | 152 +++++++++++++++++++++++++++
> 1 file changed, 152 insertions(+)
>
> diff --git a/arch/powerpc/platforms/pseries/pci.c b/arch/powerpc/platforms/pseries/pci.c
> index 911534b89c85..cb7e4276cf04 100644
> --- a/arch/powerpc/platforms/pseries/pci.c
> +++ b/arch/powerpc/platforms/pseries/pci.c
> @@ -11,6 +11,8 @@
> #include <linux/kernel.h>
> #include <linux/pci.h>
> #include <linux/string.h>
> +#include <linux/crash_dump.h>
> +#include <linux/delay.h>
>
> #include <asm/eeh.h>
> #include <asm/pci-bridge.h>
> @@ -354,3 +356,153 @@ int pseries_root_bridge_prepare(struct pci_host_bridge *bridge)
>
> return 0;
> }
> +
> +/**
> + * pseries_get_pdn_addr - Retrieve PHB address
> + * @pe: EEH PE
There is no "pe" parameter.
Oh but there is in pseries_eeh_get_pe_addr() which this is an almost
verbatim copy of.
> + *
> + * Retrieve the assocated PHB address. Actually, there're 2 RTAS
> + * function calls dedicated for the purpose. We need implement
> + * it through the new function and then the old one. Besides,
> + * you should make sure the config address is figured out from
> + * FDT node before calling the function.
> + *
> + */
> +static int pseries_get_pdn_addr(struct pci_controller *phb)
> +{
> + int ret = -1;
> + int rets[3];
> + int ibm_get_config_addr_info;
> + int ibm_get_config_addr_info2;
> + int config_addr = 0;
> + struct pci_dn *root_pdn, *pdn;
> +
> + ibm_get_config_addr_info2 = rtas_token("ibm,get-config-addr-info2");
> + ibm_get_config_addr_info = rtas_token("ibm,get-config-addr-info");
> +
> + root_pdn = PCI_DN(phb->dn);
> + pdn = list_first_entry(&root_pdn->child_list, struct pci_dn, list);
> + config_addr = (pdn->busno << 16) | (pdn->devfn << 8);
> +
> + if (ibm_get_config_addr_info2 != RTAS_UNKNOWN_SERVICE) {
> + /*
> + * First of all, we need to make sure there has one PE
> + * associated with the device. If option is 1, it
> + * queries if config address is supported in a PE or not.
> + * If option is 0, it returns PE config address or config
> + * address for the PE primary bus.
> + */
> + ret = rtas_call(ibm_get_config_addr_info2, 4, 2, rets,
> + config_addr, BUID_HI(pdn->phb->buid),
> + BUID_LO(pdn->phb->buid), 1);
> + if (ret || (rets[0] == 0)) {
> + pr_warn("%s: Failed to get address for PHB#%x-PE# option=%d config_addr=%x\n",
> + __func__, pdn->phb->global_number, 1, rets[0]);
Here you've hacked the existing pr_warn() to drop the PE number but left
"-PE#" in the format string.
See the original:
pr_warn("%s: Failed to get address for PHB#%x-PE#%x\n",
__func__, pe->phb->global_number, pe->config_addr);
> + return -1;
> + }
> +
> + /* Retrieve the associated PE config address */
> + ret = rtas_call(ibm_get_config_addr_info2, 4, 2, rets,
> + config_addr, BUID_HI(pdn->phb->buid),
> + BUID_LO(pdn->phb->buid), 0);
> + if (ret) {
> + pr_warn("%s: Failed to get address for PHB#%x-PE# option=%d config_addr=%x\n",
^
and here
> + __func__, pdn->phb->global_number, 0, rets[0]);
> + return -1;
> + }
> + return rets[0];
> + }
> +
> + if (ibm_get_config_addr_info != RTAS_UNKNOWN_SERVICE) {
> + ret = rtas_call(ibm_get_config_addr_info, 4, 2, rets,
> + config_addr, BUID_HI(pdn->phb->buid),
> + BUID_LO(pdn->phb->buid), 0);
> + if (ret || rets[0]) {
> + pr_warn("%s: Failed to get address for PHB#%x-PE# config_addr=%x\n",
^
and here
> + __func__, pdn->phb->global_number, rets[0]);
> + return -1;
> + }
> + return rets[0];
> + }
> +
> + return ret;
> +}
> +
> +static int __init pseries_phb_reset(void)
> +{
> + struct pci_controller *phb;
> + int config_addr;
> + int ibm_set_slot_reset;
> + int ibm_configure_pe;
> + int ret;
> +
> + if (is_kdump_kernel() || reset_devices) {
This should be inverted and turned into an early return, allowing the
entire rest of the function to be de-indented.
> + pr_info("Issue PHB reset ...\n");
> + ibm_set_slot_reset = rtas_token("ibm,set-slot-reset");
> + ibm_configure_pe = rtas_token("ibm,configure-pe");
> +
> + if (ibm_set_slot_reset == RTAS_UNKNOWN_SERVICE ||
> + ibm_configure_pe == RTAS_UNKNOWN_SERVICE) {
> + pr_info("%s: EEH functionality not supported\n",
> + __func__);
But then you just continue?
> + }
> +
> + list_for_each_entry(phb, &hose_list, list_node) {
> + config_addr = pseries_get_pdn_addr(phb);
> + if (config_addr == -1)
> + continue;
> +
> + ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
> + config_addr, BUID_HI(phb->buid),
> + BUID_LO(phb->buid), EEH_RESET_FUNDAMENTAL);
> +
> + /* If fundamental-reset not supported, try hot-reset */
> + if (ret == -8)
Where does -8 come from?
Oh I see, it's copied from pseries_eeh_reset().
> + ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
> + config_addr, BUID_HI(phb->buid),
> + BUID_LO(phb->buid), EEH_RESET_HOT);
> +
> + if (ret) {
> + pr_err("%s: PHB#%x-PE# failed with rtas_call activate reset=%d\n",
^
again missing PE number.
> + __func__, phb->global_number, ret);
> + continue;
> + }
> + }
> + msleep(EEH_PE_RST_SETTLE_TIME);
So that loop is basically a copy of pseries_eeh_reset() but with the
sleep hoisted out of the loop.
I'd really prefer to see that refactored into a helper that takes the
config_addr and buid and doesn't do the sleep.
Then this loop could call that helper, and so could pseries_eeh_reset().
> +
> + list_for_each_entry(phb, &hose_list, list_node) {
> + config_addr = pseries_get_pdn_addr(phb);
> + if (config_addr == -1)
> + continue;
> +
> + ret = rtas_call(ibm_set_slot_reset, 4, 1, NULL,
> + config_addr, BUID_HI(phb->buid),
> + BUID_LO(phb->buid), EEH_RESET_DEACTIVATE);
> + if (ret) {
> + pr_err("%s: PHB#%x-PE# failed with rtas_call deactive reset=%d\n",
> + __func__, phb->global_number, ret);
> + continue;
> + }
> + }
> + msleep(EEH_PE_RST_SETTLE_TIME);
> +
> + list_for_each_entry(phb, &hose_list, list_node) {
> + config_addr = pseries_get_pdn_addr(phb);
> + if (config_addr == -1)
> + continue;
> +
> + ret = rtas_call(ibm_configure_pe, 3, 1, NULL,
> + config_addr, BUID_HI(phb->buid),
> + BUID_LO(phb->buid));
> + if (ret) {
> + pr_err("%s: PHB#%x-PE# failed with rtas_call configure_pe =%d\n",
> + __func__, phb->global_number, ret);
> + continue;
> + }
> + }
> + }
> +
> + return 0;
> +}
> +machine_postcore_initcall(pseries, pseries_phb_reset);
cheers
^ permalink raw reply
* Re: [PATCH v4 6/7] KVM: MIPS: clean up redundant 'kvm_run' parameters
From: Tianjia Zhang @ 2020-06-16 11:54 UTC (permalink / raw)
To: Paolo Bonzini, Huacai Chen
Cc: wanpengli, kvm, david, heiko.carstens, Peter Xu, open list:MIPS,
hpa, kvmarm, linux-s390, frankja, Marc Zyngier, joro, x86,
borntraeger, mingo, julien.thierry.kdev, thuth, gor,
suzuki.poulose, kvm-ppc, Borislav Petkov, Thomas Gleixner,
linux-arm-kernel, jmattson, Thomas Bogendoerfer, cohuck,
christoffer.dall, sean.j.christopherson, LKML, james.morse,
vkuznets, linuxppc-dev
In-Reply-To: <30c2ac06-1a7e-2f85-fbe1-e9dc25bf2ae2@redhat.com>
On 2020/5/29 17:48, Paolo Bonzini wrote:
> On 27/05/20 08:24, Tianjia Zhang wrote:
>>>>
>>>>
>>
>> Hi Huacai,
>>
>> These two patches(6/7 and 7/7) should be merged into the tree of the
>> mips architecture separately. At present, there seems to be no good way
>> to merge the whole architecture patchs.
>>
>> For this series of patches, some architectures have been merged, some
>> need to update the patch.
>
> Hi Tianjia, I will take care of this during the merge window.
>
> Thanks,
>
> Paolo
>
Hi Paolo,
The following individual patch is the v5 version of 5/7 in this group of
patches.
https://lkml.org/lkml/2020/5/28/106
([v5] KVM: PPC: clean up redundant kvm_run parameters in assembly)
Thanks and best,
Tianjia
^ permalink raw reply
* Re: [PATCH v3] ASoC: fsl_ssi: Fix bclk calculation for mono channel
From: Mark Brown @ 2020-06-16 11:40 UTC (permalink / raw)
To: alsa-devel, timur, tiwai, Xiubo.Lee, nicoleotsuka, Shengjiu Wang,
perex, festevam
Cc: linuxppc-dev, linux-kernel
In-Reply-To: <034eff1435ff6ce300b6c781130cefd9db22ab9a.1592276147.git.shengjiu.wang@nxp.com>
On Tue, 16 Jun 2020 10:53:48 +0800, Shengjiu Wang wrote:
> For mono channel, SSI will switch to Normal mode.
>
> In Normal mode and Network mode, the Word Length Control bits
> control the word length divider in clock generator, which is
> different with I2S Master mode (the word length is fixed to
> 32bit), it should be the value of params_width(hw_params).
>
> [...]
Applied to
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next
Thanks!
[1/1] ASoC: fsl_ssi: Fix bclk calculation for mono channel
commit: ed1220df6e666500ebf58c4f2fccc681941646fb
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark
^ permalink raw reply
* [PATCH kernel] powerpc/powernv/ioda: Return correct error if TCE level allocation failed
From: Alexey Kardashevskiy @ 2020-06-16 10:42 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Alexey Kardashevskiy
The iommu_table_ops::xchg_no_kill() callback updates TCE. It is quite
possible that not entire table is allocated if it is huge and multilevel
so xchg may also allocate subtables. If failed, it returns H_HARDWARE
for failed allocation and H_TOO_HARD if it needs it but cannot do because
the alloc parameter is "false" (set when called with MMU=off to force
retry with MMU=on).
The problem is that having separate errors only matters in real mode
(MMU=off) but the only caller with alloc="false" does not check the exact
error code and simply returns H_TOO_HARD; and for every other mode
alloc is "true". Also, the function is also called from the ioctl()
handler of the VFIO SPAPR TCE IOMMU subdriver which does not expect
hypervisor error codes (H_xxx) and will expose them to the userspace.
This converts wrong error codes to a simple -1.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
I could make it "return alloc ? -ENOMEM : -EBUSY" but
is EBUSY a good match for H_TOO_HARD?
---
arch/powerpc/platforms/powernv/pci-ioda-tce.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/pci-ioda-tce.c b/arch/powerpc/platforms/powernv/pci-ioda-tce.c
index f923359d8afc..59d73fdadeb9 100644
--- a/arch/powerpc/platforms/powernv/pci-ioda-tce.c
+++ b/arch/powerpc/platforms/powernv/pci-ioda-tce.c
@@ -166,7 +166,7 @@ int pnv_tce_xchg(struct iommu_table *tbl, long index,
if (!ptce) {
ptce = pnv_tce(tbl, false, idx, alloc);
if (!ptce)
- return alloc ? H_HARDWARE : H_TOO_HARD;
+ return -1;
}
if (newtce & TCE_PCI_WRITE)
--
2.17.1
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox