stuartl/linux-mainline
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux synced 2025-10-17 02:51:39 +10:00
Code Issues Releases Wiki Activity
e0857cf5ac
linux-mainline/security
History
Waiman Long d4eaa28378 mm: add kvfree_sensitive() for freeing sensitive data objects 
For kvmalloc'ed data object that contains sensitive information like
cryptographic keys, we need to make sure that the buffer is always cleared
before freeing it.  Using memset() alone for buffer clearing may not
provide certainty as the compiler may compile it away.  To be sure, the
special memzero_explicit() has to be used.

This patch introduces a new kvfree_sensitive() for freeing those sensitive
data objects allocated by kvmalloc().  The relevant places where
kvfree_sensitive() can be used are modified to use it.

Fixes: 4f0882491a ("KEYS: Avoid false positive ENOMEM error on key read")
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Uladzislau Rezki <urezki@gmail.com>
Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-06-04 19:06:22 -07:00
..
apparmor Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-24 13:47:27 -07:00
bpf
integrity evm: Fix a small race in init_desc() 2020-05-14 19:55:54 -04:00
keys mm: add kvfree_sensitive() for freeing sensitive data objects 2020-06-04 19:06:22 -07:00
loadpin
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid
selinux Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
smack
tomoyo One patch for suppressing coccicheck's warning. 2020-06-02 17:12:07 -07:00
yama sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
commoncap.c exec: Always set cap_ambient in cap_bprm_set_creds 2020-05-26 13:11:00 -05:00
device_cgroup.c
inode.c
Kconfig
Kconfig.hardening
lsm_audit.c
Makefile
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c security: Fix hook iteration for secid_to_secctx 2020-05-20 20:12:07 -07:00