Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4656358ybp; Mon, 7 Oct 2019 11:43:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqyIA03ekaWfGsJYd2fp7ZOhd12x31WnaNebHV+q+JkPs+xBY+FpnvgCO/KyOh+ijR8y3f4f X-Received: by 2002:a17:906:7f03:: with SMTP id d3mr25161673ejr.115.1570473793751; Mon, 07 Oct 2019 11:43:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570473793; cv=none; d=google.com; s=arc-20160816; b=L+iqAO7BQp1z9vZaVMHZB1PHKG/iig80Xke1NMxP8pFSRBlHCeyMjWeDuN9n7sLRWo /jpj24a7a5PmfHo60R3Q3VZMMeA4SRWiJI5YfgNSYgFr2gxjzJlRE7muDiYAVc8MrNoh LDQhzXlMDsvYVwSKGG84GzP9hn8uUcGfIBrp0ck9uNlitv8AqDk2lzCURLbyFD7Q/j+p CyyeMhdJ1d0BNGfqz9ObZj7XLqEnSf1ebAqDZs52Q0QTrxj1kxv+0BtN4eL4eomsMysC HFGythD4A+wTE7A98lMe/ZtdcpvEov3q/WYw1OIRD0uEtsqD53Tii8aPwCBANUM7EEf4 f7MQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=7eEfovKGT46NPkty4JePi34eFTOmFxf7gPHZxEXtsdU=; b=RPPL25c4IJ/hcTm1A++mm4hdw0/wi79D8aojConoEYb9esigwpnCrCYe67B3FYeaml XdtGc3EdCqJYAJM1U6b3ZdjLVPId2a5LR8XbC04lSJ4ZmvDmTKGPvqwuqbirhia5pib4 LXxyQjmQ/pGSnCN9aN9dQs+Q9u01VY3NjQXZqF0DsXNYgmCay3BCWJqJ1JpFNa1hUbQ/ XuQ7ptFFXWBGonGHommbQv1d93TAbIbbRJxYJZRFyXBamAZvVhE75+oeu09jcqa1vL8z DzKGO5MC1ESUJ12wLulPRV+uyBfNfjBC1nBEc77tFMeQsC6huuNdM2et56vVytt0mmCi 1bNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=IBXC2WwK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h2si9155201edb.346.2019.10.07.11.42.50; Mon, 07 Oct 2019 11:43:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=IBXC2WwK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728440AbfJGSml (ORCPT + 99 others); Mon, 7 Oct 2019 14:42:41 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:42423 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728079AbfJGSml (ORCPT ); Mon, 7 Oct 2019 14:42:41 -0400 Received: by mail-qt1-f193.google.com with SMTP id w14so20665585qto.9; Mon, 07 Oct 2019 11:42:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=7eEfovKGT46NPkty4JePi34eFTOmFxf7gPHZxEXtsdU=; b=IBXC2WwKi3QN6sBAJ4L5gDIFg5ktB2q/zo2DunyriDZv+n6ba3AO8GILev10cvpUmc GCns9+0/8VqT/aE0c31pKZOF1HX8ww/6RQeg8CCpOggrROsRwvL0LdhyQ99PelDY86dZ zSYRlTxKU+Pza259j89of/6t+yrHKOkP2dN1FKi4S5/8bxSxfvAib3sr6WfU5DrDw2bx A3n40ODFVKqYcPP08aDweYEv3XYow3AwkA6rvuU73RWjVdzYDaRY0gS+8gagEnNFPFl2 vGFgB3WNO8DFmKny0/PbUskjIboj8ZjGn+S4Nn6kGmD18iLA8kzodx7d8xy6XXXfxtsL yCrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:date:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=7eEfovKGT46NPkty4JePi34eFTOmFxf7gPHZxEXtsdU=; b=tF/SXJveKLf8zqj/xwGp12fHoASvHvFldKz/7LIN0EyAQY59cmFg+W+3nfBpjt4dZL k1BC6Kf7chmN2TAqw8mmP2GygdOLDXotsi6mCRrFwC4csiDyPYOkRRvfpQjJpOwGW2Ts qeJ9qf/EBeWrOr/E3/fP8BGp3NDq0jX8yjS3BPdI/YzHEU79oicH8u77kJbn1p9Y9LG9 GLWmKVDS6hOduU/GZsuYlAOvn8OwapBDJJ8MDf/OC5GkyOSd3htxxTU06LWLBsKXFJ28 VzjYFJOM6Y+MFSGIuQcj2f9G44p86fhLEA/l+eziroL8ZFs05+qvfw3LXRuL0jufCjiZ FzPg== X-Gm-Message-State: APjAAAXPWP4chCR1iXI43IPcTuRgsqA3RJtSPzw7WaacyuaWz/9gqg10 zDuUjd/NtBIvQKCAB904xGM= X-Received: by 2002:aed:3522:: with SMTP id a31mr32079589qte.69.1570473759713; Mon, 07 Oct 2019 11:42:39 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id 200sm8302542qkf.65.2019.10.07.11.42.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2019 11:42:39 -0700 (PDT) From: Arvind Sankar X-Google-Original-From: Arvind Sankar Date: Mon, 7 Oct 2019 14:42:37 -0400 To: Ingo Molnar Cc: Arvind Sankar , Hans de Goede , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Herbert Xu , Ard Biesheuvel , linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Stephan Mueller , linux-s390@vger.kernel.org Subject: Re: [PATCH v2 5.4 regression fix] x86/boot: Provide memzero_explicit Message-ID: <20191007184237.GB13589@rani.riverdale.lan> References: <20191007134724.4019-1-hdegoede@redhat.com> <20191007140022.GA29008@gmail.com> <1dc3c53d-785e-f9a4-1b4c-3374c94ae0a7@redhat.com> <20191007142230.GA117630@gmail.com> <2982b666-e310-afb7-40eb-e536ce95e23d@redhat.com> <20191007144600.GB59713@gmail.com> <20191007152049.GA384920@rani.riverdale.lan> <20191007154007.GA96929@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="H+4ONPRPur6+Ovig" Content-Disposition: inline In-Reply-To: <20191007154007.GA96929@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --H+4ONPRPur6+Ovig Content-Type: text/plain; charset=utf-8 Content-Disposition: inline On Mon, Oct 07, 2019 at 05:40:07PM +0200, Ingo Molnar wrote: > > * Arvind Sankar wrote: > > > With the barrier in there, is there any reason to *not* inline the > > function? barrier_data() is an asm statement that tells the compiler > > that the asm uses the memory that was set to zero, thus preventing it > > from removing the memset even if nothing else uses that memory later. A > > more detailed comment is there in compiler-gcc.h. I can't see why it > > wouldn't work even if it were inlined. > > > > If the function can indeed be inlined, we could just make the common > > implementation a macro and avoid duplicating it? As mentioned in another > > mail, we otherwise will likely need another duplicate implementation for > > arch/s390/purgatory as well. > > I suspect macro would be justified in this case. Mind sending a v3 patch > to demonstrate how it would all look like? > > I'll zap v2 if the macro solution looks better. > > Thanks, > > Ingo Patch attached to turn memzero_explicit into inline function. --H+4ONPRPur6+Ovig Content-Type: text/x-diff; charset=utf-8 Content-Disposition: attachment; filename="0001-lib-string-make-memzero_explicit-inline-instead-of-e.patch" From 25834b8040eff72478489be0bd8a2ff549af7f94 Mon Sep 17 00:00:00 2001 From: Arvind Sankar Date: Mon, 7 Oct 2019 14:34:24 -0400 Subject: [PATCH] lib/string: make memzero_explicit inline instead of external With the use of the barrier implied by barrier_data(), there is no need for memzero_explicit to be extern. Making it inline saves the overhead of a function call, and allows the code to be reused in arch/*/purgatory without having to duplicate the implementation. Fixes: 906a4bb97f5d ("crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit") Signed-off-by: Arvind Sankar --- include/linux/string.h | 21 ++++++++++++++++++++- lib/string.c | 21 --------------------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/include/linux/string.h b/include/linux/string.h index b2f9df7f0761..b6ccdc2c7f02 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -227,7 +227,26 @@ static inline bool strstarts(const char *str, const char *prefix) } size_t memweight(const void *ptr, size_t bytes); -void memzero_explicit(void *s, size_t count); + +/** + * memzero_explicit - Fill a region of memory (e.g. sensitive + * keying data) with 0s. + * @s: Pointer to the start of the area. + * @count: The size of the area. + * + * Note: usually using memset() is just fine (!), but in cases + * where clearing out _local_ data at the end of a scope is + * necessary, memzero_explicit() should be used instead in + * order to prevent the compiler from optimising away zeroing. + * + * memzero_explicit() doesn't need an arch-specific version as + * it just invokes the one of memset() implicitly. + */ +static inline void memzero_explicit(void *s, size_t count) +{ + memset(s, 0, count); + barrier_data(s); +} /** * kbasename - return the last part of a pathname. diff --git a/lib/string.c b/lib/string.c index cd7a10c19210..08ec58cc673b 100644 --- a/lib/string.c +++ b/lib/string.c @@ -748,27 +748,6 @@ void *memset(void *s, int c, size_t count) EXPORT_SYMBOL(memset); #endif -/** - * memzero_explicit - Fill a region of memory (e.g. sensitive - * keying data) with 0s. - * @s: Pointer to the start of the area. - * @count: The size of the area. - * - * Note: usually using memset() is just fine (!), but in cases - * where clearing out _local_ data at the end of a scope is - * necessary, memzero_explicit() should be used instead in - * order to prevent the compiler from optimising away zeroing. - * - * memzero_explicit() doesn't need an arch-specific version as - * it just invokes the one of memset() implicitly. - */ -void memzero_explicit(void *s, size_t count) -{ - memset(s, 0, count); - barrier_data(s); -} -EXPORT_SYMBOL(memzero_explicit); - #ifndef __HAVE_ARCH_MEMSET16 /** * memset16() - Fill a memory area with a uint16_t -- 2.21.0 --H+4ONPRPur6+Ovig--