[PATCH 0/2] mm, treewide: Rename kzfree() to kfree_sensitive()
Waiman Long
longman at redhat.com
Mon Apr 13 21:15:48 UTC 2020
This patchset makes a global rename of the kzfree() to kfree_sensitive()
to highlight the fact buffer clearing is only needed if the data objects
contain sensitive information like encrpytion key. The fact that kzfree()
uses memset() to do the clearing isn't totally safe either as compiler
may compile out the clearing in their optimizer. Instead, the new
kfree_sensitive() uses memzero_explicit() which won't get compiled out.
Waiman Long (2):
mm, treewide: Rename kzfree() to kfree_sensitive()
crypto: Remove unnecessary memzero_explicit()
arch/s390/crypto/prng.c | 4 +--
arch/x86/power/hibernate.c | 2 +-
crypto/adiantum.c | 2 +-
crypto/ahash.c | 4 +--
crypto/api.c | 2 +-
crypto/asymmetric_keys/verify_pefile.c | 4 +--
crypto/deflate.c | 2 +-
crypto/drbg.c | 10 +++---
crypto/ecc.c | 8 ++---
crypto/ecdh.c | 2 +-
crypto/gcm.c | 2 +-
crypto/gf128mul.c | 4 +--
crypto/jitterentropy-kcapi.c | 2 +-
crypto/rng.c | 2 +-
crypto/rsa-pkcs1pad.c | 6 ++--
crypto/seqiv.c | 2 +-
crypto/shash.c | 2 +-
crypto/skcipher.c | 2 +-
crypto/testmgr.c | 6 ++--
crypto/zstd.c | 2 +-
.../allwinner/sun8i-ce/sun8i-ce-cipher.c | 17 +++-------
.../allwinner/sun8i-ss/sun8i-ss-cipher.c | 18 +++-------
drivers/crypto/amlogic/amlogic-gxl-cipher.c | 14 +++-----
drivers/crypto/atmel-ecc.c | 2 +-
drivers/crypto/caam/caampkc.c | 28 +++++++--------
drivers/crypto/cavium/cpt/cptvf_main.c | 6 ++--
drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++----
drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +--
drivers/crypto/cavium/zip/zip_crypto.c | 6 ++--
drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++--
drivers/crypto/ccree/cc_aead.c | 4 +--
drivers/crypto/ccree/cc_buffer_mgr.c | 4 +--
drivers/crypto/ccree/cc_cipher.c | 6 ++--
drivers/crypto/ccree/cc_hash.c | 8 ++---
drivers/crypto/ccree/cc_request_mgr.c | 2 +-
drivers/crypto/inside-secure/safexcel_hash.c | 3 +-
drivers/crypto/marvell/cesa/hash.c | 2 +-
.../crypto/marvell/octeontx/otx_cptvf_main.c | 6 ++--
.../marvell/octeontx/otx_cptvf_reqmgr.h | 2 +-
drivers/crypto/mediatek/mtk-aes.c | 2 +-
drivers/crypto/nx/nx.c | 4 +--
drivers/crypto/virtio/virtio_crypto_algs.c | 12 +++----
drivers/crypto/virtio/virtio_crypto_core.c | 2 +-
drivers/md/dm-crypt.c | 34 +++++++++----------
drivers/md/dm-integrity.c | 6 ++--
drivers/misc/ibmvmc.c | 6 ++--
.../hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +-
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 ++--
drivers/net/ppp/ppp_mppe.c | 6 ++--
drivers/net/wireguard/noise.c | 4 +--
drivers/net/wireguard/peer.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
.../net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 ++--
drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 6 ++--
drivers/net/wireless/intersil/orinoco/wext.c | 4 +--
drivers/s390/crypto/ap_bus.h | 4 +--
drivers/staging/ks7010/ks_hostif.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/wlan-ng/p80211netdev.c | 2 +-
drivers/target/iscsi/iscsi_target_auth.c | 2 +-
fs/btrfs/ioctl.c | 2 +-
fs/cifs/cifsencrypt.c | 2 +-
fs/cifs/connect.c | 10 +++---
fs/cifs/dfs_cache.c | 2 +-
fs/cifs/misc.c | 8 ++---
fs/crypto/keyring.c | 6 ++--
fs/crypto/keysetup_v1.c | 4 +--
fs/ecryptfs/keystore.c | 4 +--
fs/ecryptfs/messaging.c | 2 +-
include/crypto/aead.h | 2 +-
include/crypto/akcipher.h | 2 +-
include/crypto/gf128mul.h | 2 +-
include/crypto/hash.h | 2 +-
include/crypto/internal/acompress.h | 2 +-
include/crypto/kpp.h | 2 +-
include/crypto/skcipher.h | 2 +-
include/linux/slab.h | 2 +-
lib/mpi/mpiutil.c | 6 ++--
lib/test_kasan.c | 6 ++--
mm/slab_common.c | 10 +++---
net/atm/mpoa_caches.c | 4 +--
net/bluetooth/ecdh_helper.c | 6 ++--
net/bluetooth/smp.c | 24 ++++++-------
net/core/sock.c | 2 +-
net/ipv4/tcp_fastopen.c | 2 +-
net/mac80211/aead_api.c | 4 +--
net/mac80211/aes_gmac.c | 2 +-
net/mac80211/key.c | 2 +-
net/mac802154/llsec.c | 20 +++++------
net/sctp/auth.c | 2 +-
net/sctp/socket.c | 2 +-
net/sunrpc/auth_gss/gss_krb5_crypto.c | 4 +--
net/sunrpc/auth_gss/gss_krb5_keys.c | 6 ++--
net/sunrpc/auth_gss/gss_krb5_mech.c | 2 +-
net/tipc/crypto.c | 10 +++---
net/wireless/core.c | 2 +-
net/wireless/ibss.c | 4 +--
net/wireless/lib80211_crypt_tkip.c | 2 +-
net/wireless/lib80211_crypt_wep.c | 2 +-
net/wireless/nl80211.c | 24 ++++++-------
net/wireless/sme.c | 6 ++--
net/wireless/util.c | 2 +-
net/wireless/wext-sme.c | 2 +-
scripts/coccinelle/free/devm_free.cocci | 4 +--
scripts/coccinelle/free/ifnullfree.cocci | 4 +--
scripts/coccinelle/free/kfree.cocci | 6 ++--
scripts/coccinelle/free/kfreeaddr.cocci | 2 +-
security/apparmor/domain.c | 4 +--
security/apparmor/include/file.h | 2 +-
security/apparmor/policy.c | 24 ++++++-------
security/apparmor/policy_ns.c | 6 ++--
security/apparmor/policy_unpack.c | 14 ++++----
security/keys/big_key.c | 6 ++--
security/keys/dh.c | 14 ++++----
security/keys/encrypted-keys/encrypted.c | 14 ++++----
security/keys/trusted-keys/trusted_tpm1.c | 34 +++++++++----------
security/keys/user_defined.c | 6 ++--
117 files changed, 332 insertions(+), 358 deletions(-)
--
2.18.1
More information about the Linux-security-module-archive
mailing list