Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp2761309iob;
        Fri, 6 May 2022 09:50:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxsbz14arKfWMon6Pbmc/3z+XDzzxiziFMF5n/AzsaJlyyOPA4EZCHQX4iBCWg2VB/XpBwt
X-Received: by 2002:a63:87c1:0:b0:3ab:254f:7aff with SMTP id i184-20020a6387c1000000b003ab254f7affmr3491309pge.341.1651855822523;
        Fri, 06 May 2022 09:50:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651855822; cv=none;
        d=google.com; s=arc-20160816;
        b=zBTptpaK/rfFabUy5o3NzC2SJliAgLTpJa2uGZbIvss6fczveTx4PiPeo1jMONyDC8
         ObwMGIYNqI7t1yIX3tDRMaBx7ttcD5FC8Kl68JVDH/V233kqiNGAcXxIHWuTfRNus4Ud
         VlJEAW4bmRb2CK+5re39bT3J8WqnMjuOGmtYZ3QrD/wGa7IcVoMwk8ghzsOA0WQAASPR
         9WgHNgIM5j8X0fx45H2ntCrcmnbrEnBAifQI0zzQ9DK7to/aHWrUc62H42lNf0q9S3w4
         HAQdBdgN0afsGs8PeNEq9vaunJ1StugZnoe/ylPOcYb0HSMg0iZ3tK67h+djSUBMBRTV
         xELA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=b4l7tPcjAwWEFGaksiFGZ7H5mY/Dx0cqyJTw9JUmUk8=;
        b=00JqJ7s4NOidGszt37UuXTq2y4kNLZu9bMdSixKZkcVOtxjyezfjlBLwdwKNMx/ezF
         X+UwXiaN7ufgIN/iMrQoet3sqATVMQeLPojkF1Gm6LRZERb9wPzf8+xe+6eP2zbjcFIx
         wlz3akElCD9lOl4O8HJCSjsfZvR7OzTrGT2s7ohpkWdeLoVbxzO6BKABKCFvKV4YPkze
         R3u0tFPm0SLpGx1NtpAAKSf9Xp036wA4Q73T3MLrdTXOCLl6j/7aQPKYsWATqS4Qjj5b
         v3vdwkQp41OnzzF6NxARtaUpU2D/wOXZtVofO6dut7R622UPhWbSPa1N7kt3leG9W8jQ
         13AQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=boy4pNpI;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i7-20020a170902c94700b00155d59481eesi3040022pla.88.2022.05.06.09.50.02;
        Fri, 06 May 2022 09:50:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=boy4pNpI;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348175AbiEFOpn (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Fri, 6 May 2022 10:45:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41020 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232764AbiEFOpm (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 6 May 2022 10:45:42 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EE276AA41;
        Fri,  6 May 2022 07:41:59 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 312B2B8362A;
        Fri,  6 May 2022 14:41:58 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D0842C385A8;
        Fri,  6 May 2022 14:41:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1651848116;
        bh=od3kX4Z27CkDxo/vbf9pjAvwaN8dAIlOjZF+sSqzveA=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=boy4pNpI+okadZ4mjJW1I1kB1vb5C/iW5X8eWe3lIB68oEFyvekqKKY6RQN7Bq4kZ
         7hD2BCyw0+IWOY+nvnnwpithMqsiZAovSJJxBpu1mEk8Cs4Ozh9YQWRorOA3QE8iw9
         YAN+oHAkjCmZWWx4P13lKR2Odq3va7umCAVZG6sM=
Date:   Fri, 6 May 2022 16:41:52 +0200
From:   Greg KH <gregkh@linuxfoundation.org>
To:     Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Cc:     herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
        qat-linux@intel.com, vdronov@redhat.com, stable@vger.kernel.org,
        Adam Guerin <adam.guerin@intel.com>,
        Wojciech Ziemba <wojciech.ziemba@intel.com>
Subject: Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
Message-ID: <YnUzsAQd682pJjMt@kroah.com>
References: <20220506082327.21605-1-giovanni.cabiddu@intel.com>
 <20220506082327.21605-8-giovanni.cabiddu@intel.com>
 <YnTpJkTXwmYyE9lQ@kroah.com>
 <YnTx7fs30scrrjmQ@silpixa00400314>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YnTx7fs30scrrjmQ@silpixa00400314>
X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > Set to zero the DH context buffers containing the DH key before they are
> > > freed.
> > 
> > That says what, but not why.
> > 
> > > Cc: stable@vger.kernel.org
> > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > ---
> > >  drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > index d75eb77c9fb9..2fec89b8a188 100644
> > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > >  static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > >  {
> > >  	if (ctx->g) {
> > > +		memzero_explicit(ctx->g, ctx->p_size);
> > >  		dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> > 
> > Why is a memset() not sufficient here?
> Based on the previous conversation a memset() should be sufficient.
> 
> > And what is this solving?  Who would get this stale data?
> This is to make sure the buffer containing sensitive data (i.e. a key)
> is not leaked out by a subsequent allocation.

But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
right?  That should handle any worries you have with secrets being on
the heap.  But even then, are you trying to protect yourself against
other kernel modules?  Think this through...

thanks,

greg k-h