|| ||Pekka Enberg <penberg-AT-cs.helsinki.fi> |
|| ||"Larry H." <research-AT-subreption.com> |
|| ||Re: [patch 0/5] Support for sanitization flag in low-level page allocator |
|| ||Sat, 30 May 2009 10:53:37 +0300|
|| ||Alan Cox <alan-AT-lxorguk.ukuu.org.uk>, Ingo Molnar <mingo-AT-elte.hu>,
Rik van Riel <riel-AT-redhat.com>, linux-kernel-AT-vger.kernel.org,
Linus Torvalds <torvalds-AT-osdl.org>, linux-mm-AT-kvack.org,
Ingo Molnar <mingo-AT-redhat.com>, pageexec-AT-freemail.hu,
Linus Torvalds <torvalds-AT-linux-foundation.org>|
|| ||Article, Thread
On 10:35 Sat 30 May, Pekka Enberg wrote:
>> The GFP_SENSITIVE flag looks like a big hammer that we don't really
>> need IMHO. It seems to me that most of the actual call-sites (crypto
>> code, wireless keys, etc.) should probably just use kzfree()
>> unconditionally to make sure we don't leak sensitive data. I did not
>> look too closely but I don't think any of the sensitive kfree() calls
>> are in fastpaths so the performance impact is negligible.
Larry H. wrote:
> That's hopeless, and kzfree is broken. Like I said in my earlier reply,
> please test that yourself to see the results. Whoever wrote that ignored
> how SLAB/SLUB work and if kzfree had been used somewhere in the kernel
> before, it should have been noticed long time ago.
An open-coded version of kzfree was being used in the kernel:
Can we now get to the part where you explain how it's broken because I
obviously "ignored how SLAB/SLUB works"?
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to firstname.lastname@example.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"email@example.com"> firstname.lastname@example.org </a>
to post comments)