From: Eric Biggers <ebiggers@kernel.org>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
qat-linux@intel.com, vdronov@redhat.com, stable@vger.kernel.org,
Adam Guerin <adam.guerin@intel.com>,
Wojciech Ziemba <wojciech.ziemba@intel.com>
Subject: Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
Date: Sat, 7 May 2022 11:52:08 -0700 [thread overview]
Message-ID: <Yna/2Iwdr8zcwi+q@sol.localdomain> (raw)
In-Reply-To: <YnUzsAQd682pJjMt@kroah.com>
On Fri, May 06, 2022 at 04:41:52PM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> > On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > > Set to zero the DH context buffers containing the DH key before they are
> > > > freed.
> > >
> > > That says what, but not why.
> > >
> > > > Cc: stable@vger.kernel.org
> > > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > ---
> > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > index d75eb77c9fb9..2fec89b8a188 100644
> > > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > > > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > > > {
> > > > if (ctx->g) {
> > > > + memzero_explicit(ctx->g, ctx->p_size);
> > > > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> > >
> > > Why is a memset() not sufficient here?
> > Based on the previous conversation a memset() should be sufficient.
> >
> > > And what is this solving? Who would get this stale data?
> > This is to make sure the buffer containing sensitive data (i.e. a key)
> > is not leaked out by a subsequent allocation.
>
> But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
> right? That should handle any worries you have with secrets being on
> the heap. But even then, are you trying to protect yourself against
> other kernel modules? Think this through...
>
This patch looks fine to me; it's always recommended to zero out crypto keys at
the end of their lifetime so that they can't be recovered from free memory if
system memory is compromised before the memory happens to be allocated and
overwritten again. See the hundreds of existing callers of kfree_sensitive(),
which exist for exactly this reason.
Note that preventing the key from being "leaked out by a subsequent allocation"
is *not* the point, and thus CONFIG_INIT_ON_ALLOC_DEFAULT_ON is irrelevant.
- Eric
next prev parent reply other threads:[~2022-05-07 18:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
2022-05-06 9:24 ` Greg KH
2022-05-06 9:38 ` Giovanni Cabiddu
2022-05-06 9:40 ` Greg KH
2022-05-06 8:23 ` [PATCH 03/12] crypto: qat - add backlog mechanism Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 04/12] crypto: qat - fix memory leak in RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
2022-05-06 9:23 ` Greg KH
2022-05-06 10:01 ` Giovanni Cabiddu
2022-05-06 14:41 ` Greg KH
2022-05-07 18:52 ` Eric Biggers [this message]
2022-05-09 8:58 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 08/12] crypto: qat - add param check for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 09/12] crypto: qat - add param check for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
2022-05-06 9:22 ` Greg KH
2022-05-06 9:54 ` Giovanni Cabiddu
2022-05-06 14:38 ` Greg KH
2022-05-09 8:50 ` Giovanni Cabiddu
2022-05-09 9:42 ` Greg KH
2022-05-06 8:23 ` [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 12/12] crypto: qat - re-enable registration of algorithms Giovanni Cabiddu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yna/2Iwdr8zcwi+q@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=adam.guerin@intel.com \
--cc=giovanni.cabiddu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=stable@vger.kernel.org \
--cc=vdronov@redhat.com \
--cc=wojciech.ziemba@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox