Commit 453431a5 authored by Waiman Long, committed by Linus Torvalds

mm, treewide: rename kzfree() to kfree_sensitive()



As said by Linus:

  A symmetric naming is only helpful if it implies symmetries in use.
  Otherwise it's actively misleading.

  In "kzalloc()", the z is meaningful and an important part of what the
  caller wants.

  In "kzfree()", the z is actively detrimental, because maybe in the
  future we really _might_ want to use that "memfill(0xdeadbeef)" or
  something. The "zero" part of the interface isn't even _relevant_.

The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.

Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.

The renaming is done by using the command sequence:

  git grep -w --name-only kzfree |\
  xargs sed -i 's/kzfree/kfree_sensitive/'

followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.

[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]

Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com


Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 57c720d4
+2 −2
@@ -249,7 +249,7 @@ static void prng_tdes_deinstantiate(void)
{
	pr_debug("The prng module stopped "
		 "after running in triple DES mode\n");
	kzfree(prng_data);
	kfree_sensitive(prng_data);
}


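Review bot: after kfree_sensitive(prng_data) in prng_tdes_deinstantiate() the pointer is left set. The function takes no arguments and declares no locals, so prng_data is shared state that still points at freed memory when the function returns. That predates this rename, but a follow-up could add "prng_data = NULL;" right after the free so that any later use faults instead of touching a recycled object.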
@@ -442,7 +442,7 @@ outfree:
static void prng_sha512_deinstantiate(void)
{
	pr_debug("The prng module stopped after running in SHA-512 mode\n");
	kzfree(prng_data);
	kfree_sensitive(prng_data);
}


+1 −1
@@ -98,7 +98,7 @@ static int get_e820_md5(struct e820_table *table, void *buf)
	if (crypto_shash_digest(desc, (u8 *)table, size, buf))
		ret = -EINVAL;

	kzfree(desc);
	kfree_sensitive(desc);

free_tfm:
	crypto_free_shash(tfm);
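Review bot: in get_e820_md5(), desc is the shash descriptor used to digest the e820 table, and with the new name the call now reads as a claim that this hash state is secret. The mechanical rename is right for this patch, but it is worth checking in a follow-up whether anything in desc is confidential. If not, plain kfree(desc) says what is meant; if so, a one-line comment naming what is sensitive would keep the API's intent clear.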
+1 −1
@@ -177,7 +177,7 @@ static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
	keyp += NHPOLY1305_KEY_SIZE;
	WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
out:
	kzfree(data);
	kfree_sensitive(data);
	return err;
}

+2 −2
@@ -183,7 +183,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	memcpy(alignbuffer, key, keylen);
	ret = tfm->setkey(tfm, alignbuffer, keylen);
	kzfree(buffer);
	kfree_sensitive(buffer);
	return ret;
}

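Review bot: in ahash_setkey_unaligned() the key bytes are copied to alignbuffer, which is an aligned offset into buffer, while kfree_sensitive(buffer) is given only the base pointer and no length. The caller therefore relies on the free clearing the whole allocation rather than some caller-known size. Since the commit message says the kfree_sensitive() kerneldoc was edited, that kerneldoc should state this guarantee explicitly so that callers like this one, which hold the secret at an offset, are covered by documented behaviour.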
@@ -302,7 +302,7 @@ static void ahash_restore_req(struct ahash_request *req, int err)
	req->priv = NULL;

	/* Free the req->priv.priv from the ADJUSTED request. */
	kzfree(priv);
	kfree_sensitive(priv);
}

static void ahash_notify_einprogress(struct ahash_request *req)
+1 −1
@@ -571,7 +571,7 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
		alg->cra_exit(tfm);
	crypto_exit_ops(tfm);
	crypto_mod_put(alg);
	kzfree(mem);
	kfree_sensitive(mem);
}
EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
