From: roel kluin <roel.kluin@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: herbert@gondor.apana.org.au, mikpe@it.uu.se,
linux-crypto@vger.kernel.org, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()
Date: Thu, 25 Feb 2010 16:31:36 +0100 [thread overview]
Message-ID: <25e057c01002250731q68bb9e28ld009163f2a009f48@mail.gmail.com> (raw)
In-Reply-To: <20100225.071759.98314060.davem@davemloft.net>
On Thu, Feb 25, 2010 at 4:17 PM, David Miller <davem@davemloft.net> wrote:
> From: Roel Kluin <roel.kluin@gmail.com>
> Date: Thu, 25 Feb 2010 16:10:27 +0100
>
>> Due to optimization A call to memset() may be removed as a dead store when
>> the buffer is not used after its value is overwritten.
>>
>> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
>
> Solution is wrong and overkill in my mind.
>
> It's overkill because the whole reason it's using a stack buffer is to
> avoid the overhead of a kmalloc() call.
>
> And it's wrong because the reason the memset() is there seems to be
> to clear out key information that might exist kernel stack so that
> it's more difficult for rogue code to get at things.
If the memset is optimized away then the clear out does not occur. Do you
know a different way to fix this? I observed this with:
$ gcc -O2 test.c;./a.out
and It shows (on my box) "...S.e.c.r.e.t..."
$ cat test.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define ON_STACK 1
void foo()
{
char password[] = "secret";
password[0]='S';
printf ("Don't show again: %s\n", password);
memset(password, 0, sizeof(password));
}
void foo2()
{
char* password = malloc(7);
strncpy (password, "secret" , 7);
password[6] = '\0';
password[0] = 'S';
printf ("Don't show again: %s\n", password);
//memset(password, 0, 7);
free(password);
}
int main(int argc, char* argv[])
{
#if ON_STACK == 1
foo();
#else
foo2();
#endif
int i;
char foo3[] = "hoi";
printf ("foo1:%s\n", foo3);
char* bar = &foo3[0];
for (i = -50; i < 50; i++)
printf ("%c.", bar[i]);
printf("\n");
return 0;
}
next prev parent reply other threads:[~2010-02-25 15:31 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-25 15:10 [PATCH] sha: prevent removal of memset as dead store in sha1_update() Roel Kluin
2010-02-25 15:17 ` David Miller
2010-02-25 15:31 ` roel kluin [this message]
2010-02-25 15:37 ` David Miller
2010-02-26 11:55 ` Andi Kleen
2010-02-26 14:20 ` Mikael Pettersson
2010-02-26 15:46 ` Mikael Pettersson
2010-02-26 15:55 ` Andi Kleen
2010-02-25 15:56 ` Mikael Pettersson
2010-02-25 16:16 ` Pekka Enberg
2010-02-25 16:29 ` Mikael Pettersson
2010-02-25 16:33 ` roel kluin
2010-02-25 17:06 ` roel kluin
2010-02-25 16:33 ` Brian Gerst
2010-02-25 17:09 ` Mikael Pettersson
2010-02-25 17:32 ` Brian Gerst
2010-02-25 19:47 ` Roel Kluin
2010-02-25 20:43 ` Roel Kluin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25e057c01002250731q68bb9e28ld009163f2a009f48@mail.gmail.com \
--to=roel.kluin@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mikpe@it.uu.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).