From: Daniel Borkmann <daniel@iogearbox.net>
To: mancha security <mancha1@zoho.com>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
Theodore Ts'o <tytso@mit.edu>,
Stephan Mueller <smueller@chronox.de>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
Mark Charlebois <charlebm@gmail.com>,
Behan Webster <behanw@converseincode.com>
Subject: Re: [PATCH crypto-2.6] lib: make memzero_explicit more robust against dead store elimination
Date: Wed, 29 Apr 2015 16:01:19 +0200 [thread overview]
Message-ID: <5540E42F.70607@iogearbox.net> (raw)
In-Reply-To: <20150429130816.GA8526@zoho.com>
On 04/29/2015 03:08 PM, mancha security wrote:
...
> By the way, has anyone been able to verify that __memory_barrier
> provides DSE protection under various optimizations? Unfortunately, I
> don't have ready access to ICC at the moment or I'd test it myself.
Never used icc, but it looks like it's free for open source projects;
I can give it a try, but in case you're faster than I am, feel free
to post results here.
From what I see based on the code, i.e. after that buggy cleanup
commit ...
commit 73679e50820123ebdedc67ebcda4562d1d6e4aba
Author: Pranith Kumar <bobby.prani@gmail.com>
Date: Tue Apr 15 12:05:22 2014 -0400
compiler-intel.h: Remove duplicate definition
barrier is already defined as __memory_barrier in compiler.h
Remove this unnecessary redefinition.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Link: http://lkml.kernel.org/r/CAJhHMCAnYPy0%2BqD-1KBnJPLt3XgAjdR12j%2BySSnPgmZcpbE7HQ@mail.gmail.com
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
... it looks like it's currently using the _same_ gcc inline asm
for the barrier on icc instead of what that commit intended to do.
So funny enough, we don't actually use __memory_barrier() at the
moment. ;)
Nonetheless, having a look might be good.
next prev parent reply other threads:[~2015-04-29 14:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-28 15:22 [PATCH crypto-2.6] lib: make memzero_explicit more robust against dead store elimination Daniel Borkmann
2015-04-28 21:37 ` Stephan Mueller
2015-04-29 13:08 ` mancha security
2015-04-29 14:01 ` Daniel Borkmann [this message]
2015-04-29 14:54 ` mancha security
2015-04-29 23:43 ` Daniel Borkmann
2015-04-30 6:17 ` mancha security
2015-04-29 14:56 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5540E42F.70607@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=behanw@converseincode.com \
--cc=charlebm@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mancha1@zoho.com \
--cc=smueller@chronox.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.