Re: [PATCH v2 1/6] crypto: Use memzero_explicit() for clearing state

From: Arvind Sankar
Date: Fri Oct 23 2020 - 11:39:33 EST

Next message: Konstantin Komarov: "[PATCH v10 00/10] NTFS read-write driver GPL implementation by Paragon Software"
Previous message: Michael S. Tsirkin: "[GIT PULL] vhost,vdpa,virtio: cleanups, fixes"
In reply to: Eric Biggers: "Re: [PATCH v2 1/6] crypto: Use memzero_explicit() for clearing state"
Next in thread: Eric Biggers: "Re: [PATCH v2 1/6] crypto: Use memzero_explicit() for clearing state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 21, 2020 at 09:36:33PM -0700, Eric Biggers wrote:
> On Tue, Oct 20, 2020 at 04:39:52PM -0400, Arvind Sankar wrote:
> > Without the barrier_data() inside memzero_explicit(), the compiler may
> > optimize away the state-clearing if it can tell that the state is not
> > used afterwards. At least in lib/crypto/sha256.c:__sha256_final(), the
> > function can get inlined into sha256(), in which case the memset is
> > optimized away.
> >
> > Signed-off-by: Arvind Sankar <nivedita@xxxxxxxxxxxx>
>
> Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Maybe get the one in arch/arm64/crypto/sha3-ce-glue.c too?
>
> - Eric

Hm, there are a few more as well like that. But now I'm thinking it's
only the generic sha256.c that may be problematic. The rest of them are
in _final() functions which will be stored as function pointers in a
structure, so there should be no risk of them getting optimized away?

Next message: Konstantin Komarov: "[PATCH v10 00/10] NTFS read-write driver GPL implementation by Paragon Software"
Previous message: Michael S. Tsirkin: "[GIT PULL] vhost,vdpa,virtio: cleanups, fixes"
In reply to: Eric Biggers: "Re: [PATCH v2 1/6] crypto: Use memzero_explicit() for clearing state"
Next in thread: Eric Biggers: "Re: [PATCH v2 1/6] crypto: Use memzero_explicit() for clearing state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]