Received: by 10.223.185.116 with SMTP id b49csp2824789wrg;
        Mon, 5 Mar 2018 09:14:26 -0800 (PST)
X-Google-Smtp-Source: AG47ELvMB12KViv+lbO2rrfeQnpoeraXjqzeHcCJozeEEYhwaJceWHG2Sbym9YdetGeaIYHm2rZE
X-Received: by 2002:a17:902:710f:: with SMTP id a15-v6mr13490491pll.87.1520270065922;
        Mon, 05 Mar 2018 09:14:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520270065; cv=none;
        d=google.com; s=arc-20160816;
        b=qbmXUVU93YVB6jaPFHGoH2cW9dm18uU+NlKGl1FgP0CfOOGIxeL0j9SuueeN8K//8c
         dVb1cDaARetE3NNNtHarkq8W/FUbnGtgGSBQsk7xewrGl6MUDppCTLMhIrL82hiwDkc9
         LhbZRATU9UdC5uWkcZks1S8UQHBB1rHo4bexo/Xb/DZ21XbtWm+EGj+aLWwT1q15vq0k
         jXSt7P3HVHWACcWKjm+oBcEIW3wCAPmocI8vNUgwlHi4v2bdIUn0Wq8++z+UGM58eiqW
         qpnt69seI4WCa7nozatYGySkUKa78FARxqFIxEUSd3b7i/0qiRLNvZenaYNz1KJrt2In
         92RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=vuyGlTqWOxJFd3HZH0GSH0WCg/bckl8IuyKNxKFyMuM=;
        b=FeCEej3DscsNhKX0JGWvd3zTwzt+Wv/PxRnNxNrFTt4o2DR6A0cIJNvRAWysotyZn1
         uparlVtAfoh34xH4gjXFaEMV34jWu8Tb51CE4Zm4PesVNxKYrO0IM2rApQvhRu2xTDHe
         ug1vUUB/6aN2aVuU0UjltfvSGWPG2tA84obZTExn4u3K62oDrmw6CaLf0jrqSUt7eP6U
         mYR1FkgoRyVWwNQhL9jBsd0ARh1QK/kgrPqlY7L38jodCvlDsGwqp567UOq63mzMzgkN
         NaL39VzmjftlOd3c9dsS4OKVjcqa5CiMtD1bznF0ccuaVNT7KY7FyFbPcC2PIxbsJO17
         STVQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p9si8607633pge.163.2018.03.05.09.14.11;
        Mon, 05 Mar 2018 09:14:25 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752806AbeCERNE (ORCPT <rfc822;zcyberian@gmail.com> + 99 others);
        Mon, 5 Mar 2018 12:13:04 -0500
Received: from mail-it0-f42.google.com ([209.85.214.42]:52157 "EHLO
        mail-it0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752404AbeCERNC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 5 Mar 2018 12:13:02 -0500
Received: by mail-it0-f42.google.com with SMTP id u66so10264085ith.1
        for <linux-kernel@vger.kernel.org>; Mon, 05 Mar 2018 09:13:01 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=vuyGlTqWOxJFd3HZH0GSH0WCg/bckl8IuyKNxKFyMuM=;
        b=Z+W+JC9VkgcHBglMBQ392JqsgVbUQGoKSpvG9Dx4DYsj5gQYXI9hIhogsNdUjR3TKo
         2l6w1CLZHzp1wYc1SwXwrNdY15plwuhz07bsdX3ZmQZ/j7viJvK+oaEJaQ6O9nsX8KtX
         75ML6WCzMBJtAJkDy5dp59HmczMoVigFxjDnwpItCAg8gFyHzajbXs6bIhVxA/nic0Na
         4Ir6PXH2F14JuTFHwHvKo0Xm0tqzqrogwfXT1PmIBHv2diB12/+q9/GM/GxUegxmpzvj
         8erQKq/iPHZW6bb5bC3JxBPDOLk1/nC3o69nCpq7WA1Oj97MayEsR8jl5Mwu3s5sjmC8
         qCLg==
X-Gm-Message-State: AElRT7Gs6XZZhFsip/222bYWoPWWKzVYqqQbkE2Cz/9oPW6QTe9M6mRU
        BeEQaCF3qhAYJkDfS/WUQPVlYA==
X-Received: by 10.36.149.136 with SMTP id m130mr14054477itd.64.1520269617384;
        Mon, 05 Mar 2018 09:06:57 -0800 (PST)
Received: from ?IPv6:2601:602:9802:a8dc::f21a? ([2601:602:9802:a8dc::f21a])
        by smtp.gmail.com with ESMTPSA id z17sm3197531ioe.63.2018.03.05.09.06.55
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 05 Mar 2018 09:06:56 -0800 (PST)
Subject: Re: C tricks for efficient stack zeroing
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>,
        LKML <linux-kernel@vger.kernel.org>
Cc:     pageexec@freemail.hu
References: <CAHmME9phM2+ZrdA8jGxOAVnQSvrcO94ekvcgCH4X1xD8Dndiuw@mail.gmail.com>
From:   Laura Abbott <labbott@redhat.com>
Message-ID: <9c65c2ab-fc82-3d9e-491d-c4d1658d103d@redhat.com>
Date:   Mon, 5 Mar 2018 09:06:55 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CAHmME9phM2+ZrdA8jGxOAVnQSvrcO94ekvcgCH4X1xD8Dndiuw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/02/2018 11:50 AM, Jason A. Donenfeld wrote:
> Hi list,
> 
> I'm writing this email to solicit tricks for efficiently zeroing out
> the stack upon returning from a function. The reason this is often
> desirable is if the stack contains intermediate values that could
> assist in some form of cryptographic attack if compromised at a later
> point in time. It turns out many surprising things could be such an
> aid to an attacker, and so generally it's important to clean things up
> upon returning.
> 
> Often times complicated cryptographic functions -- say elliptic curve
> scalar multiplication -- use a decent amount of stack (say, 1k or 2k),
> with a variety of functions, and then copy a result into a return
> argument. Imagine a call graph like this:
> 
> do_something(u8 *output, const u8 *input)
>      thing1(...)
>      thing2(...)
>          thinga(...)
>          thingb(...)
>             thingi(...)
>          thingc(...)
>      thing3(...)
>      thing4(...)
>          thinga(...)
>          thingc(...)
> 
> Each one of these functions have a few stack variables. The current
> solution is to call memzero_explicit() on each of those stack
> variables when each function return. But let's say that thingb uses as
> much or more stack as thinga. In this case, I'm wasting cycles (and
> gcc optimizations) by clearing the stack in both thinga and thingb,
> and I could probably get away with doing this in thingb only.
> Probably. But to hand estimate those seems a bit brittle.
> 
> What would be really nice would be to somehow keep track of the
> maximum stack depth, and just before the function returns, clear from
> the maximum depth to its stack base, all in one single call. This
> would not only make the code faster and less brittle, but it would
> also clean up some algorithms quite a bit.
> 
> Ideally this would take the form of a gcc attribute on the function,
> but I was unable to find anything of that nature. I started looking
> for little C tricks for this, and came up dry too. I realize I could
> probably just take the current stack address and zero out until _the
> very end_ but that seems to overshoot and would probably be bad for
> performance. The best I've been able to do come up with are some
> x86-specific macros, but that approach seems a bit underwhelming.
> Other approaches include adding a new attribute via the gcc plugin
> system, which could make this kind of thing more complete [cc'ing
> pipacs in case he's thought about that before].
> 
> I thought maybe somebody on the list has thought about this problem in
> depth before and might have some insights to share.
> 
> Regards,
> Jason
> 

Have you seen http://www.openwall.com/lists/kernel-hardening/2018/03/03/7 ?
This sounds exactly like what you have proposed.

Thanks,
Laura