Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4348143ybp; Mon, 7 Oct 2019 07:12:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqy59/q/T6uhtd6BqKRAQA4v2WwEY9yCqCWzFgt3/YfcCpi2G9gthhKVzFHNkbTLuVmrDs45 X-Received: by 2002:a17:906:5c07:: with SMTP id e7mr24021368ejq.127.1570457550425; Mon, 07 Oct 2019 07:12:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570457550; cv=none; d=google.com; s=arc-20160816; b=cCZZ1O/Gn7/OlcPK6hoSfYbaMfqWoSfNFCW+biiqa1495KIOAKL0gLvQlPoW+D5waD +BPvnKMRchJtohXQunPnkNaWAh686o61U+CBfOd19+Ft2RQ3m3HeLfJmBw/Nn/Sn6yiR TwM6vllV03ItZ8ycU8UN6zRT21+nSjby3EVr/AeMOQI09PBteZIXPM/0JN4D24braKbZ myjgbdPxYIeIKtZGpymL6DyYpTkU2Pv2q7GTMM9wj7GArSunpr/5pS6aycxdaALyA7r/ Fwh6OJaIu4d2btWbQ2P6oUeORAzrYkZ0f4PZLBRQBgcOQWfcUBdqVr3axjVdgTdOV6CQ hLvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=Dds3OvwkpQnHLh7gK9rCz/VJSlfyc8rH9MYu6DcxntY=; b=HeNWR9dJyUG3GX8o53K1OjrVZvqPg1XiTO9rccA9zfer1Q63Wr55/eFHTdv5NOnbL/ 02Ro3KYQAeT5JszmRhpeIC8N5ZZo6CefmzjhbpGs/LTkLkdef4G2v92pTYkTLRyFpI2j X8fXithE7bvCPRYcMeQ6Jc3svNrzrcITwqCvMDFlYW5ob+u3zlU3nHIlSuqdSQSQBUd5 TLEcGYgxZf2hC7AvlfSkjEeYsotBJHI1SHF46pUFa7REyr7mWAVDHXMZ+f5/FexONpUQ keaSnRpi61ReyVaScJHWfYvz3od9wiv61cMJmAxfUOKPT4Ctgrmsht93Ig70cOKqz3Gh Y66Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p2si8097234edx.106.2019.10.07.07.12.02; Mon, 07 Oct 2019 07:12:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727778AbfJGOLz (ORCPT + 99 others); Mon, 7 Oct 2019 10:11:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60126 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727745AbfJGOLz (ORCPT ); Mon, 7 Oct 2019 10:11:55 -0400 Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BD15B12E5 for ; Mon, 7 Oct 2019 14:11:54 +0000 (UTC) Received: by mail-wm1-f70.google.com with SMTP id r21so3380947wme.5 for ; Mon, 07 Oct 2019 07:11:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Dds3OvwkpQnHLh7gK9rCz/VJSlfyc8rH9MYu6DcxntY=; b=BlJPYxsNAr33mawqWApB1jnhwcolfZnKgqUGFzpCvjhL9xVwChMCKstgrP5dsm0h+F DwbSt2bhvX0ZrNgquciZ16m/KU8VYpgAs5wAGGQoOOZEBGnJUhnsUSma7b6rrUGPVdIo HSbkbZ2UauXECdZ7zWb7y4n8DdLfn7KSi8UzvmUurgFLzU09yGjEn4V0WCVMkxqNVE9p +DqVQT0MD6EIYfVrdXLKCRMSLp9m95Ft0A5uft23YOkbN6w9BEVRZRaE3BZGWKEB/j/O Of9u2qilqEu66NAzKKPL3f2NITXCKk79i5ySipdwvbfHaaV3ugxGvULEkt7ewmrevwhn qzfA== X-Gm-Message-State: APjAAAUlFy6FhG8yLu0Wrbv2hV5ef5I+WpSXVrLzSU20ii4X8HrdiA4b URTaeygZpKEAqFvprlE21qkkij6Tyr6O4VTM/m3YdrE5e6G17oCd6dzabA3y9Dl39IcFaRC9M3w DnPttcptQ6nobV6QaDmyMqx7V X-Received: by 2002:a1c:7fcc:: with SMTP id a195mr21312092wmd.27.1570457513304; Mon, 07 Oct 2019 07:11:53 -0700 (PDT) X-Received: by 2002:a1c:7fcc:: with SMTP id a195mr21312068wmd.27.1570457513112; Mon, 07 Oct 2019 07:11:53 -0700 (PDT) Received: from shalem.localdomain (2001-1c00-0c14-2800-ec23-a060-24d5-2453.cable.dynamic.v6.ziggo.nl. [2001:1c00:c14:2800:ec23:a060:24d5:2453]) by smtp.gmail.com with ESMTPSA id z125sm28609038wme.37.2019.10.07.07.11.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 07 Oct 2019 07:11:52 -0700 (PDT) Subject: Re: [PATCH v2 5.4 regression fix] x86/boot: Provide memzero_explicit To: Ingo Molnar Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Herbert Xu , Ard Biesheuvel , linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Arvind Sankar , Stephan Mueller References: <20191007134724.4019-1-hdegoede@redhat.com> <20191007140022.GA29008@gmail.com> From: Hans de Goede Message-ID: <1dc3c53d-785e-f9a4-1b4c-3374c94ae0a7@redhat.com> Date: Mon, 7 Oct 2019 16:11:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 MIME-Version: 1.0 In-Reply-To: <20191007140022.GA29008@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, On 07-10-2019 16:00, Ingo Molnar wrote: > > * Hans de Goede wrote: > >> The purgatory code now uses the shared lib/crypto/sha256.c sha256 >> implementation. This needs memzero_explicit, implement this. >> >> Reported-by: Arvind Sankar >> Fixes: 906a4bb97f5d ("crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit") >> Signed-off-by: Hans de Goede >> --- >> Changes in v2: >> - Add barrier_data() call after the memset, making the function really >> explicit. Using barrier_data() works fine in the purgatory (build) >> environment. >> --- >> arch/x86/boot/compressed/string.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c >> index 81fc1eaa3229..654a7164a702 100644 >> --- a/arch/x86/boot/compressed/string.c >> +++ b/arch/x86/boot/compressed/string.c >> @@ -50,6 +50,12 @@ void *memset(void *s, int c, size_t n) >> return s; >> } >> >> +void memzero_explicit(void *s, size_t count) >> +{ >> + memset(s, 0, count); >> + barrier_data(s); >> +} > > So the barrier_data() is only there to keep LTO from optimizing out the > seemingly unused function? I believe that Stephan Mueller (who suggested adding the barrier) was also worried about people using this as an example for other "explicit" functions which actually might get inlined. This is not so much about protecting against LTO as it is against protecting against inlining, which in this case boils down to the same thing. Also this change makes the arch/x86/boot/compressed/string.c and lib/string.c versions identical which seems like a good thing to me (except for the code duplication part of it). But I agree a comment would be good, how about: void memzero_explicit(void *s, size_t count) { memset(s, 0, count); /* Avoid the memset getting optimized away if we ever get inlined */ barrier_data(s); } ? Regards, Hans