diff mbox series

[1/8] Replace memset() with memzero_explicit()

Message ID CACXcFm=kwziZ5Etdevu0uq_t5qy0NbGY753WfLvnwkMqtU9Tvg@mail.gmail.com (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu
Headers show
Series memset() in crypto code | expand

Commit Message

Sandy Harris Nov. 16, 2021, 11:25 a.m. UTC
Replace memset(address,0,bytes) which may be optimised away
with memzero_explicit(address,bytes) which resists
such optimisation

---
 crypto/des_generic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


--

Comments

Greg Kroah-Hartman Nov. 16, 2021, 11:49 a.m. UTC | #1
On Tue, Nov 16, 2021 at 07:25:22PM +0800, Sandy Harris wrote:
> Replace memset(address,0,bytes) which may be optimised away
> with memzero_explicit(address,bytes) which resists
> such optimisation
> 
> ---
>  crypto/des_generic.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/des_generic.c b/crypto/des_generic.c
> index c85354a5e94c..105a32e7afea 100644
> --- a/crypto/des_generic.c
> +++ b/crypto/des_generic.c
> @@ -30,7 +30,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
>              err = 0;
>      }
>      if (err)
> -        memset(dctx, 0, sizeof(*dctx));
> +        memzero_explicit(dctx, sizeof(*dctx));
>      return err;
>  }
> 
> @@ -62,7 +62,7 @@ static int des3_ede_setkey(struct crypto_tfm *tfm,
> const u8 *key,
>              err = 0;
>      }
>      if (err)
> -        memset(dctx, 0, sizeof(*dctx));
> +        memzero_explicit(dctx, sizeof(*dctx));
>      return err;
>  }
> 
> --

Hi,

This is the friendly patch-bot of Greg Kroah-Hartman.  You have sent him
a patch that has triggered this response.  He used to manually respond
to these common problems, but in order to save his sanity (he kept
writing the same thing over and over, yet to different people), I was
created.  Hopefully you will not take offence and will fix the problem
in your patch and resubmit it so that it can be accepted into the Linux
kernel tree.

You are receiving this message because of the following common error(s)
as indicated below:

- Your patch does not have a Signed-off-by: line.  Please read the
  kernel file, Documentation/SubmittingPatches and resend it after
  adding that line.  Note, the line needs to be in the body of the
  email, before the patch, not at the bottom of the patch or in the
  email signature.

- You did not write a descriptive Subject: for the patch, allowing Greg,
  and everyone else, to know what this patch is all about.  Please read
  the section entitled "The canonical patch format" in the kernel file,
  Documentation/SubmittingPatches for what a proper Subject: line should
  look like.

If you wish to discuss this problem further, or you have questions about
how to resolve this issue, please feel free to respond to this email and
Greg will reply once he has dug out from the pending patches received
from other developers.

thanks,

greg k-h's patch email bot
Greg Kroah-Hartman Nov. 16, 2021, 11:50 a.m. UTC | #2
On Tue, Nov 16, 2021 at 07:25:22PM +0800, Sandy Harris wrote:
> Replace memset(address,0,bytes) which may be optimised away
> with memzero_explicit(address,bytes) which resists
> such optimisation
> 
> ---
>  crypto/des_generic.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/des_generic.c b/crypto/des_generic.c
> index c85354a5e94c..105a32e7afea 100644
> --- a/crypto/des_generic.c
> +++ b/crypto/des_generic.c
> @@ -30,7 +30,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
>              err = 0;
>      }
>      if (err)
> -        memset(dctx, 0, sizeof(*dctx));
> +        memzero_explicit(dctx, sizeof(*dctx));
>      return err;
>  }
> 
> @@ -62,7 +62,7 @@ static int des3_ede_setkey(struct crypto_tfm *tfm,
> const u8 *key,
>              err = 0;
>      }
>      if (err)
> -        memset(dctx, 0, sizeof(*dctx));
> +        memzero_explicit(dctx, sizeof(*dctx));
>      return err;
>  }
> 

Have you looked at the output of the compiler to see if this really is
needed or not?

And what exactly are you zeroing out that could be read afterward
somehow?

thanks,

greg k-h
Greg Kroah-Hartman Nov. 16, 2021, 12:52 p.m. UTC | #3
On Tue, Nov 16, 2021 at 12:50:58PM +0100, Greg Kroah-Hartman wrote:
> On Tue, Nov 16, 2021 at 07:25:22PM +0800, Sandy Harris wrote:
> > Replace memset(address,0,bytes) which may be optimised away
> > with memzero_explicit(address,bytes) which resists
> > such optimisation
> > 
> > ---
> >  crypto/des_generic.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/crypto/des_generic.c b/crypto/des_generic.c
> > index c85354a5e94c..105a32e7afea 100644
> > --- a/crypto/des_generic.c
> > +++ b/crypto/des_generic.c
> > @@ -30,7 +30,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
> >              err = 0;
> >      }
> >      if (err)
> > -        memset(dctx, 0, sizeof(*dctx));
> > +        memzero_explicit(dctx, sizeof(*dctx));
> >      return err;
> >  }
> > 
> > @@ -62,7 +62,7 @@ static int des3_ede_setkey(struct crypto_tfm *tfm,
> > const u8 *key,
> >              err = 0;
> >      }
> >      if (err)
> > -        memset(dctx, 0, sizeof(*dctx));
> > +        memzero_explicit(dctx, sizeof(*dctx));
> >      return err;
> >  }
> > 
> 
> Have you looked at the output of the compiler to see if this really is
> needed or not?

Oh wait, that's not a stack variable, how would this be optimized away
at all?  If it is, that's a HUGE compiler bug.

Is that really happening here?

thanks,

greg k-h
Sandy Harris Nov. 17, 2021, 3:08 a.m. UTC | #4
On Tue, Nov 16, 2021 at 7:51 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:

> Have you looked at the output of the compiler to see if this really is
> needed or not?

No. To do that right you'd need to look at (at least) gcc & clang,
multiple architectures (cross-compiled & native) & various levels
of optimisation. I just looked at the C code.

> And what exactly are you zeroing out that could be read afterward
> somehow?

Whatever it is, the person who wrote the code thought it was
worth zeroing out with memset(). The only question is whether
it is safer to use memzero_explicit().

Granted in many cases this will not matter unless the kernel
is compiled at some optimisation level that does cross-function
analysis so it might be "smart" enough to optimise out the
memset(). Also granted it does not matter unless an attacker
can look inside the running kernel & if  he or she has that
level of privilege, then you have much else to worry about.

Still, it seemed safer to me to use memzero_explicit() in
these cases.
Greg Kroah-Hartman Nov. 17, 2021, 6:01 a.m. UTC | #5
On Wed, Nov 17, 2021 at 11:08:45AM +0800, Sandy Harris wrote:
> On Tue, Nov 16, 2021 at 7:51 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> 
> > Have you looked at the output of the compiler to see if this really is
> > needed or not?
> 
> No. To do that right you'd need to look at (at least) gcc & clang,
> multiple architectures (cross-compiled & native) & various levels
> of optimisation. I just looked at the C code.

You should at least look, right?

> > And what exactly are you zeroing out that could be read afterward
> > somehow?
> 
> Whatever it is, the person who wrote the code thought it was
> worth zeroing out with memset(). The only question is whether
> it is safer to use memzero_explicit().
> 
> Granted in many cases this will not matter unless the kernel
> is compiled at some optimisation level that does cross-function
> analysis so it might be "smart" enough to optimise out the
> memset(). Also granted it does not matter unless an attacker
> can look inside the running kernel & if  he or she has that
> level of privilege, then you have much else to worry about.

As Ard said, there should not be any such "optimization" as this is not
something that any non-broken compiler should do.

> Still, it seemed safer to me to use memzero_explicit() in
> these cases.

I do not see why these cases are any different than any other call to
memset() is, because this data is not on the stack so nothing should be
removed by the compiler, right?

thanks,

greg k-h
diff mbox series

Patch

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index c85354a5e94c..105a32e7afea 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -30,7 +30,7 @@  static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
             err = 0;
     }
     if (err)
-        memset(dctx, 0, sizeof(*dctx));
+        memzero_explicit(dctx, sizeof(*dctx));
     return err;
 }

@@ -62,7 +62,7 @@  static int des3_ede_setkey(struct crypto_tfm *tfm,
const u8 *key,
             err = 0;
     }
     if (err)
-        memset(dctx, 0, sizeof(*dctx));
+        memzero_explicit(dctx, sizeof(*dctx));
     return err;
 }