From: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Greg KH <gregkh@linuxfoundation.org>,
herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
qat-linux@intel.com, vdronov@redhat.com, stable@vger.kernel.org,
Adam Guerin <adam.guerin@intel.com>,
Wojciech Ziemba <wojciech.ziemba@intel.com>
Subject: Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
Date: Mon, 9 May 2022 09:58:14 +0100 [thread overview]
Message-ID: <YnjXppYkVYNyWTFg@silpixa00400314> (raw)
In-Reply-To: <Yna/2Iwdr8zcwi+q@sol.localdomain>
On Sat, May 07, 2022 at 11:52:08AM -0700, Eric Biggers wrote:
> On Fri, May 06, 2022 at 04:41:52PM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> > > On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > > > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > > > Set to zero the DH context buffers containing the DH key before they are
> > > > > freed.
> > > >
> > > > That says what, but not why.
> > > >
> > > > > Cc: stable@vger.kernel.org
> > > > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > > ---
> > > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > > > > 1 file changed, 3 insertions(+)
> > > > >
> > > > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > index d75eb77c9fb9..2fec89b8a188 100644
> > > > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > > > > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > > > > {
> > > > > if (ctx->g) {
> > > > > + memzero_explicit(ctx->g, ctx->p_size);
> > > > > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> > > >
> > > > Why is a memset() not sufficient here?
> > > Based on the previous conversation a memset() should be sufficient.
> > >
> > > > And what is this solving? Who would get this stale data?
> > > This is to make sure the buffer containing sensitive data (i.e. a key)
> > > is not leaked out by a subsequent allocation.
> >
> > But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
> > right? That should handle any worries you have with secrets being on
> > the heap. But even then, are you trying to protect yourself against
> > other kernel modules? Think this through...
> >
>
> This patch looks fine to me; it's always recommended to zero out crypto keys at
> the end of their lifetime so that they can't be recovered from free memory if
> system memory is compromised before the memory happens to be allocated and
> overwritten again. See the hundreds of existing callers of kfree_sensitive(),
> which exist for exactly this reason.
>
> Note that preventing the key from being "leaked out by a subsequent allocation"
> is *not* the point, and thus CONFIG_INIT_ON_ALLOC_DEFAULT_ON is irrelevant.
I'm going to clarify the commit message and re-send it detached from the
set.
Regards,
--
Giovanni
next prev parent reply other threads:[~2022-05-09 9:18 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220506082327.21605-1-giovanni.cabiddu@intel.com>
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
2022-05-06 9:24 ` Greg KH
2022-05-06 9:38 ` Giovanni Cabiddu
2022-05-06 9:40 ` Greg KH
2022-05-06 8:23 ` [PATCH 03/12] crypto: qat - add backlog mechanism Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 04/12] crypto: qat - fix memory leak in RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
2022-05-06 9:23 ` Greg KH
2022-05-06 10:01 ` Giovanni Cabiddu
2022-05-06 14:41 ` Greg KH
2022-05-07 18:52 ` Eric Biggers
2022-05-09 8:58 ` Giovanni Cabiddu [this message]
2022-05-06 8:23 ` [PATCH 08/12] crypto: qat - add param check for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 09/12] crypto: qat - add param check for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
2022-05-06 9:22 ` Greg KH
2022-05-06 9:54 ` Giovanni Cabiddu
2022-05-06 14:38 ` Greg KH
2022-05-09 8:50 ` Giovanni Cabiddu
2022-05-09 9:42 ` Greg KH
2022-05-06 8:23 ` [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 12/12] crypto: qat - re-enable registration of algorithms Giovanni Cabiddu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YnjXppYkVYNyWTFg@silpixa00400314 \
--to=giovanni.cabiddu@intel.com \
--cc=adam.guerin@intel.com \
--cc=ebiggers@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=stable@vger.kernel.org \
--cc=vdronov@redhat.com \
--cc=wojciech.ziemba@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).