Message-ID: <170f287e-23b1-468b-9b59-08680de1ecf1@linux.intel.com>
Date: Mon, 12 May 2025 14:53:12 +0200
From: Dawid Osuchowski <dawid.osuchowski@...ux.intel.com>
To: Zilin Guan <zilin@....edu.cn>, anthony.l.nguyen@...el.com
Cc: przemyslaw.kitszel@...el.com, andrew+netdev@...n.ch, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
intel-wired-lan@...ts.osuosl.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn
Subject: Re: [PATCH] ixgbe/ipsec: use memzero_explicit() for stack SA structs
On 2025-05-12 12:58 PM, Zilin Guan wrote:
> The function ixgbe_ipsec_add_sa() currently uses memset() to zero out
> stack-allocated SA structs (rsa and tsa) before return, but the gcc-11.4.0
> compiler optimizes these calls away. This leaves sensitive key and salt
> material on the stack after return.
>
> Replace these memset() calls with memzero_explicit() to prevent the
> compiler from optimizing them away. This guarantees that the SA key and
> salt are reliably cleared from the stack.
>
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
Thanks for your patch.
Please use the correct target iwl-net for fixes, iwl-next for features
and others.
Maybe add a tag? Fixes: 63a67fe229ea ("ixgbe: add ipsec offload add and
remove SA")
In the future when sending patches against Intel networking drivers
please send them directly To: intel-wired-lan@...ts.osuosl.org and Cc:
netdev@...r.kernel.org.
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> index 07ea1954a276..e8c84f7e937b 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> @@ -678,7 +678,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
> } else {
> /* no match and no empty slot */
> NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx IP SA table");
> - memset(&rsa, 0, sizeof(rsa));
> + memzero_explicit(&rsa, sizeof(rsa));
> return -ENOSPC;
> }
>
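Review bot: in the `else` branch that ends in `return -ENOSPC`, the hunk does not show whether `rsa` already holds key and salt material when the Rx IP SA table lookup fails. If the keys are parsed into `rsa` before that lookup, consider doing the slot lookup first so this failure path never has secrets on the stack; failing that, routing every exit through a single label that calls memzero_explicit(&rsa, sizeof(rsa)) would keep a later error path from missing the wipe.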
> @@ -727,7 +727,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
> ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
> if (ret) {
> NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
> - memset(&tsa, 0, sizeof(tsa));
> + memzero_explicit(&tsa, sizeof(tsa));
As for the code change itself, LGTM.
Acked-by: Dawid Osuchowski <dawid.osuchowski@...ux.intel.com>
Thanks,
Dawid
> return ret;
> }
>
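Review bot: the diffstat lists only two changed lines, both on error returns, so the path where ixgbe_ipsec_parse_proto_keys() succeeds and `tsa.key` and `tsa.salt` are fully populated is not touched by this patch. Please confirm that path also clears `tsa` with memzero_explicit() before returning, and say in the commit message how the elided memset() was observed (config and disassembly), since that behaviour depends on the compiler and its options.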
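The pattern the patch relies on, as an added userspace example that is not part of the original thread or the ixgbe driver: a memset() followed by a compiler barrier, called from a single exit label so every return path wipes the stack struct. `struct demo_sa` and all `demo_*` names are hypothetical, the key bytes are constructed, and GNU-style inline asm (gcc or clang) is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a stack SA struct holding key and salt. */
struct demo_sa {
    uint32_t key[4];
    uint32_t salt;
};

/* memset() plus a barrier that takes the buffer address as an input and
 * clobbers memory, so the compiler cannot drop the stores as dead. */
static void demo_memzero_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Returns 1 when every byte of the buffer is zero. */
static int demo_is_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Same shape as the patched function: fill a stack struct with key
 * material, possibly fail, wipe on the way out. *wiped exists only so the
 * caller can check the wipe; a driver would not read the struct again. */
static int demo_add_sa(const uint8_t *keymat, size_t len, int have_slot,
                       int *wiped)
{
    struct demo_sa sa;
    int ret = 0;

    memset(&sa, 0, sizeof(sa));
    if (len != sizeof(sa.key) + sizeof(sa.salt)) {
        ret = -22;              /* -EINVAL: wrong key length */
        goto out;
    }
    memcpy(sa.key, keymat, sizeof(sa.key));
    memcpy(&sa.salt, keymat + sizeof(sa.key), sizeof(sa.salt));
    if (!have_slot)
        ret = -28;              /* -ENOSPC: no free table slot */
out:
    demo_memzero_explicit(&sa, sizeof(sa));   /* runs on every path */
    *wiped = demo_is_zero(&sa, sizeof(sa));
    return ret;
}
```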