From: roel kluin <roel.kluin@gmail.com>
To: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Mikael Pettersson <mikpe@it.uu.se>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()
Date: Thu, 25 Feb 2010 17:33:03 +0100 [thread overview]
Message-ID: <25e057c01002250833n1e13391drfcc806df369c5a55@mail.gmail.com> (raw)
In-Reply-To: <84144f021002250816o2c2cef0fke484c7e43256dba4@mail.gmail.com>
On Thu, Feb 25, 2010 at 5:16 PM, Pekka Enberg <penberg@cs.helsinki.fi> wrote:
> On Thu, Feb 25, 2010 at 5:56 PM, Mikael Pettersson <mikpe@it.uu.se> wrote:
>> I fear that the only portable (across compiler versions) and safe
>> solution is to invoke an assembly-coded dummy function with prototype
>>
>> void use(void *p);
>>
>> and rewrite the code above as
>>
>> {
>> u32 temp[...];
>> ...
>> memset(temp, 0, sizeof temp);
>> use(temp);
>> }
>>
>> This forces the compiler to consider the buffer live after the
>> memset, so the memset cannot be eliminated.
>
> So is there some "do not optimize" GCC magic that we could use for a
> memzero_secret() helper function?
>
> Pekka
>
*(volatile char *)p = *(volatile char *)p;
appears to work when called after the memset:
---
inline void ensure_memset(void* p)
{
*(volatile char *)p = *(volatile char *)p;
}
void foo()
{
char password[] = "secret";
password[0]='S';
printf ("Don't show again: %s\n", password);
memset(password, 0, sizeof(password));
ensure_memset(password);
}
int main(int argc, char* argv[])
{
foo();
int i;
char foo3[] = "";
char* bar = &foo3[0];
for (i = -50; i < 50; i++)
printf ("%c.", bar[i]);
printf("\n");
return 0;
}
next prev parent reply other threads:[~2010-02-25 16:33 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-25 15:10 [PATCH] sha: prevent removal of memset as dead store in sha1_update() Roel Kluin
2010-02-25 15:17 ` David Miller
2010-02-25 15:31 ` roel kluin
2010-02-25 15:37 ` David Miller
2010-02-26 11:55 ` Andi Kleen
2010-02-26 14:20 ` Mikael Pettersson
2010-02-26 15:46 ` Mikael Pettersson
2010-02-26 15:55 ` Andi Kleen
2010-02-25 15:56 ` Mikael Pettersson
2010-02-25 16:16 ` Pekka Enberg
2010-02-25 16:29 ` Mikael Pettersson
2010-02-25 16:33 ` roel kluin [this message]
2010-02-25 17:06 ` roel kluin
2010-02-25 16:33 ` Brian Gerst
2010-02-25 17:09 ` Mikael Pettersson
2010-02-25 17:32 ` Brian Gerst
2010-02-25 19:47 ` Roel Kluin
2010-02-25 20:43 ` Roel Kluin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25e057c01002250833n1e13391drfcc806df369c5a55@mail.gmail.com \
--to=roel.kluin@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mikpe@it.uu.se \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).