From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>,
Andrew Morton <akpm@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Joe Perches <joe@perches.com>,
Matthew Wilcox <willy@infradead.org>,
David Rientjes <rientjes@google.com>,
linux-mm@kvack.org, keyrings@vger.kernel.org,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-crypto@vger.kernel.org, linux-s390@vger.kernel.org,
linux-pm@vger.kernel.org,
linux-stm32@st-md-mailman.stormreply.com,
linux-arm-kernel@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-mediatek@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org,
virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org, intel-wired-lan@lists.osuosl.org,
linux-ppp@vger.kernel.org, wireguard@lists.zx2c4.com,
linux-wireless@vger.kernel.org, devel@driverdev.osuosl.org,
linux-scsi@vger.kernel.org, target-devel@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-cifs@vger.kernel.org,
samba-technical@lists.samba.org, linux-fscrypt@vger.kernel.org,
ecryptfs@vger.kernel.org, kasan-dev@googlegroups.com,
linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org,
linux-sctp@vger.kernel.org, linux-nfs@vger.kernel.org,
tipc-discussion@lists.sourceforge.net, cocci@systeme.lip6.fr,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 19:37:51 +0000 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 ŕ 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 19:37:51 +0000 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [Cocci] [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: linux-btrfs@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
virtualization@lists.linux-foundation.org,
David Howells <dhowells@redhat.com>,
linux-mm@kvack.org, linux-sctp@vger.kernel.org,
keyrings@vger.kernel.org, kasan-dev@googlegroups.com,
samba-technical@lists.samba.org,
linux-stm32@st-md-mailman.stormreply.com,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
cocci@systeme.lip6.fr, linux-wpan@vger.kernel.org,
intel-wired-lan@lists.osuosl.org,
David Rientjes <rientjes@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-pm@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-mediatek@lists.infradead.org,
linux-amlogic@lists.infradead.org,
linux-integrity@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Christophe Leroy <christophe.leroy@c-s.fr>,
linux-cifs@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
linux-security-module@vger.kernel.org,
target-devel@vger.kernel.org,
tipc-discussion@lists.sourceforge.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, wireguard@lists.zx2c4.com,
linux-ppp@vger.kernel.org
Subject: Re: [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 à 00:28, Waiman Long a écrit :
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> .../allwinner/sun8i-ce/sun8i-ce-cipher.c | 19 +++++-------------
>>>> .../allwinner/sun8i-ss/sun8i-ss-cipher.c | 20 +++++--------------
>>>> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 12 +++--------
>>>> drivers/crypto/inside-secure/safexcel_hash.c | 3 +--
>>>> 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> {
>>>> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> + kfree_sensitive(op->key);
>>>> crypto_free_sync_skcipher(op->fallback_tfm);
>>>> pm_runtime_put_sync_suspend(op->ce->dev);
>>>> }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> return -EINVAL;
>>>> }
>>>> - if (op->key) {
>>>> - memzero_explicit(op->key, op->keylen);
>>>> - kfree(op->key);
>>>> - }
>>>> - op->keylen = keylen;
>>>> + kfree_sensitive(op->key);
>>>> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> if (!op->key)
>>>> return -ENOMEM;
>>>> + op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
_______________________________________________
linux-amlogic mailing list
linux-amlogic@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-amlogic
WARNING: multiple messages have this Message-ID (diff)
From: Waiman Long <longman@redhat.com>
To: intel-wired-lan@osuosl.org
Subject: [Intel-wired-lan] [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
Date: Tue, 14 Apr 2020 15:37:51 -0400 [thread overview]
Message-ID: <578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com> (raw)
In-Reply-To: <20200414191601.GZ25468@kitsune.suse.cz>
On 4/14/20 3:16 PM, Michal Such?nek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> Le 14/04/2020 ? 00:28, Waiman Long a ?crit?:
>>>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>>>> is no need to call memzero_explicit() before it. Eliminate those
>>>> memzero_explicit() and simplify the call sites. For better correctness,
>>>> the setting of keylen is also moved down after the key pointer check.
>>>>
>>>> Signed-off-by: Waiman Long <longman@redhat.com>
>>>> ---
>>>> ? .../allwinner/sun8i-ce/sun8i-ce-cipher.c????? | 19 +++++-------------
>>>> ? .../allwinner/sun8i-ss/sun8i-ss-cipher.c????? | 20 +++++--------------
>>>> ? drivers/crypto/amlogic/amlogic-gxl-cipher.c?? | 12 +++--------
>>>> ? drivers/crypto/inside-secure/safexcel_hash.c? |? 3 +--
>>>> ? 4 files changed, 14 insertions(+), 40 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> index aa4e8fdc2b32..8358fac98719 100644
>>>> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
>>>> @@ -366,10 +366,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
>>>> ? {
>>>> ????? struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>>>> ? -??? if (op->key) {
>>>> -??????? memzero_explicit(op->key, op->keylen);
>>>> -??????? kfree(op->key);
>>>> -??? }
>>>> +??? kfree_sensitive(op->key);
>>>> ????? crypto_free_sync_skcipher(op->fallback_tfm);
>>>> ????? pm_runtime_put_sync_suspend(op->ce->dev);
>>>> ? }
>>>> @@ -391,14 +388,11 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher
>>>> *tfm, const u8 *key,
>>>> ????????? dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen);
>>>> ????????? return -EINVAL;
>>>> ????? }
>>>> -??? if (op->key) {
>>>> -??????? memzero_explicit(op->key, op->keylen);
>>>> -??????? kfree(op->key);
>>>> -??? }
>>>> -??? op->keylen = keylen;
>>>> +??? kfree_sensitive(op->key);
>>>> ????? op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
>>>> ????? if (!op->key)
>>>> ????????? return -ENOMEM;
>>>> +??? op->keylen = keylen;
>>> Does it matter at all to ensure op->keylen is not set when of->key is
>>> NULL ? I'm not sure.
>>>
>>> But if it does, then op->keylen should be set to 0 when freeing op->key.
>> My thinking is that if memory allocation fails, we just don't touch
>> anything and return an error code. I will not explicitly set keylen to 0
>> in this case unless it is specified in the API documentation.
> You already freed the key by now so not touching anything is not
> possible. The key is set to NULL on allocation failure so setting keylen
> to 0 should be redundant. However, setting keylen to 0 is consisent with
> not having a key, and it avoids the possibility of leaking the length
> later should that ever cause any problem.
OK, I can change it to clear the key length when the allocation failed
which isn't likely.
Cheers,
Longman
next prev parent reply other threads:[~2020-04-14 19:38 UTC|newest]
Thread overview: 219+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-13 21:15 [PATCH 0/2] mm, treewide: Rename kzfree() to kfree_sensitive() Waiman Long
2020-04-13 21:15 ` [Intel-wired-lan] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` [Cocci] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` [PATCH 1/2] " Waiman Long
2020-04-13 21:15 ` [Intel-wired-lan] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` [Cocci] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` [Intel-wired-lan] " David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` [Cocci] " David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 0:29 ` David Rientjes
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` [Intel-wired-lan] " Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` [Cocci] " Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 8:32 ` Jason A. Donenfeld
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` [Intel-wired-lan] " Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` [Cocci] " Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 9:01 ` Michal Hocko
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` [Intel-wired-lan] " David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` [Cocci] " David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 12:48 ` David Sterba
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` [Intel-wired-lan] " Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` [Cocci] " Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-14 18:26 ` Waiman Long
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` [Intel-wired-lan] " Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` [Cocci] " Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-04-15 5:01 ` Johannes Weiner
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` [Intel-wired-lan] " Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` [Cocci] " Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:07 ` Dan Carpenter
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` [Intel-wired-lan] " Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` [Cocci] " Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-06-15 18:39 ` Waiman Long
2020-04-13 21:15 ` [PATCH 2/2] crypto: Remove unnecessary memzero_explicit() Waiman Long
2020-04-13 21:15 ` [Intel-wired-lan] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` [Cocci] " Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:15 ` Waiman Long
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` [Intel-wired-lan] " Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` [Cocci] " Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:31 ` Joe Perches
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` [Intel-wired-lan] " Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` [Cocci] " Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 21:52 ` Waiman Long
2020-04-13 23:07 ` kbuild test robot
2020-04-13 23:50 ` Waiman Long
2020-04-14 0:01 ` kbuild test robot
2020-04-13 22:28 ` [PATCH v2 " Waiman Long
2020-04-13 22:28 ` [Intel-wired-lan] " Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` [Cocci] " Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-13 22:28 ` Waiman Long
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` [Intel-wired-lan] " Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` [Cocci] " Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 6:08 ` Christophe Leroy
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` [Intel-wired-lan] " Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` [Cocci] " Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 16:24 ` Waiman Long
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` [Intel-wired-lan] " Michal =?unknown-8bit?q?Such=C3=A1nek?=
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` [Cocci] " Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:16 ` Michal Suchánek
2020-04-14 19:37 ` Waiman Long [this message]
2020-04-14 19:37 ` [Intel-wired-lan] " Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` [Cocci] " Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:37 ` Waiman Long
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` [Intel-wired-lan] " Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` [Cocci] " Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 19:44 ` Joe Perches
2020-04-14 13:06 ` [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive() David Howells
2020-04-14 13:06 ` [Intel-wired-lan] " David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` [Cocci] " David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 13:06 ` David Howells
2020-04-14 19:29 ` [PATCH v2 3/3] btrfs: Use kfree() in btrfs_ioctl_get_subvol_info() Waiman Long
2020-04-14 19:29 ` Waiman Long
2020-04-14 20:02 ` [PATCH v3 2/3] crypto: Remove unnecessary memzero_explicit() Waiman Long
2020-04-14 20:02 ` Waiman Long
2020-04-14 20:02 ` Waiman Long
2020-04-14 20:02 ` Waiman Long
2020-04-16 9:06 ` Corentin Labbe
2020-04-16 9:06 ` Corentin Labbe
2020-04-16 9:06 ` Corentin Labbe
2020-04-16 9:06 ` Corentin Labbe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=578fe9b6-1ccd-2698-60aa-96c3f2dd2c31@redhat.com \
--to=longman@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=christophe.leroy@c-s.fr \
--cc=cocci@systeme.lip6.fr \
--cc=devel@driverdev.osuosl.org \
--cc=dhowells@redhat.com \
--cc=ecryptfs@vger.kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jmorris@namei.org \
--cc=joe@perches.com \
--cc=kasan-dev@googlegroups.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-amlogic@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-ppp@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=msuchanek@suse.de \
--cc=netdev@vger.kernel.org \
--cc=rientjes@google.com \
--cc=samba-technical@lists.samba.org \
--cc=serge@hallyn.com \
--cc=target-devel@vger.kernel.org \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=torvalds@linux-foundation.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=willy@infradead.org \
--cc=wireguard@lists.zx2c4.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.