| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Oct 2019 16:22:30 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Hans de Goede <hdegoede@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H . Peter Anvin" <hpa@...or.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
linux-crypto@...r.kernel.org, x86@...nel.org,
linux-kernel@...r.kernel.org,
Arvind Sankar <nivedita@...m.mit.edu>,
Stephan Mueller <smueller@...onox.de>
Subject: Re: [PATCH v2 5.4 regression fix] x86/boot: Provide memzero_explicit
* Hans de Goede <hdegoede@...hat.com> wrote:
> Hi,
>
> On 07-10-2019 16:00, Ingo Molnar wrote:
> >
> > * Hans de Goede <hdegoede@...hat.com> wrote:
> >
> > > The purgatory code now uses the shared lib/crypto/sha256.c sha256
> > > implementation. This needs memzero_explicit, implement this.
> > >
> > > Reported-by: Arvind Sankar <nivedita@...m.mit.edu>
> > > Fixes: 906a4bb97f5d ("crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit")
> > > Signed-off-by: Hans de Goede <hdegoede@...hat.com>
> > > ---
> > > Changes in v2:
> > > - Add barrier_data() call after the memset, making the function really
> > > explicit. Using barrier_data() works fine in the purgatory (build)
> > > environment.
> > > ---
> > > arch/x86/boot/compressed/string.c | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> > >
> > > diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c
> > > index 81fc1eaa3229..654a7164a702 100644
> > > --- a/arch/x86/boot/compressed/string.c
> > > +++ b/arch/x86/boot/compressed/string.c
> > > @@ -50,6 +50,12 @@ void *memset(void *s, int c, size_t n)
> > > return s;
> > > }
> > > +void memzero_explicit(void *s, size_t count)
> > > +{
> > > + memset(s, 0, count);
> > > + barrier_data(s);
> > > +}
> >
> > So the barrier_data() is only there to keep LTO from optimizing out the
> > seemingly unused function?
>
> I believe that Stephan Mueller (who suggested adding the barrier)
> was also worried about people using this as an example for other
> "explicit" functions which actually might get inlined.
>
> This is not so much about protecting against LTO as it is against
> protecting against inlining, which in this case boils down to the
> same thing. Also this change makes the arch/x86/boot/compressed/string.c
> and lib/string.c versions identical which seems like a good thing to me
> (except for the code duplication part of it).
>
> But I agree a comment would be good, how about:
>
> void memzero_explicit(void *s, size_t count)
> {
> memset(s, 0, count);
> /* Avoid the memset getting optimized away if we ever get inlined */
> barrier_data(s);
> }
Well, the standard construct for preventing inlining would be 'noinline',
right? Any reason that wouldn't work?
Thanks,
Ingo
Powered by blists - more mailing lists