From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 2375A45CFC;
	Thu, 14 Nov 2024 02:54:23 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 7AEC14161A;
	Thu, 14 Nov 2024 02:54:18 +0100 (CET)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41]) by mails.dpdk.org (Postfix) with ESMTP id 75DD14113D
 for <dev@dpdk.org>; Thu, 14 Nov 2024 02:54:17 +0100 (CET)
Received: by mail-pj1-f41.google.com with SMTP id
 98e67ed59e1d1-2e3010478e6so109795a91.1
 for <dev@dpdk.org>; Wed, 13 Nov 2024 17:54:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1731549256;
 x=1732154056; darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=1dq8Jt8qvFTmpl0YVgCAPQAp40wnBhckHU1OANHOH/g=;
 b=lBMaqse5iBAbu9c6g7YlQ4HjQzDivivHyCMgpSPnjzs8CQ51He7+35QCmCJ+PFOZKp
 k7Q+2nw7UrJ5EEv/Kd7JLatM+rZ+bsVJcmoqSWUi6vJ9VkvnRIqVNb5bAdxVnFIKdGw9
 x1PKURy9Be1AOdNYobirkG47lC4HcY6kQpfk7721B4D2qIbVNnXOgF/6tcwIET9lXWvT
 n5Gmgv5GZZD26LfizSJ0N4gSlAcPBmfTMwEnMpwd9bYVcu7QwRtPaQCzwPenZLlk+v7B
 mMCkiyt/rOMZ0ND7fz+JpEUBno+LTDhpumZmtIEuPWEb4T4eGlLZBQDc2U3FGDhWrdtn
 ugNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1731549256; x=1732154056;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=1dq8Jt8qvFTmpl0YVgCAPQAp40wnBhckHU1OANHOH/g=;
 b=GBGAaKqw23Xpw2dYdmylC1ggxubhFo+68eMKF2SQP3/LcO7SWLxcY12Huv0sSKfjjU
 IQH8rPCaOBX/cJDogskYOA0Gd+LAp9gq8lonuPfqScbF3zlBpdkHFc3ZkB2NA1YwaIFF
 hIPwX1tJvZGkt394wYZ61fF9Pp9JJoU48+T8qGxD3nyA/PL6kok2b0I8fW+vfxRjJD/j
 TZdfkAutW9R5eR57Hw70e74wEJMqV/Y9rflfG2wr7DYmcBMW6lP6FRQehRcX8Pgd49qR
 YgJgCjTl6WZW4jwbuZjyAUw5IYLr5FdGOe7USu2O+EkBvKVnpJDEj9V4oHewePm9X15+
 teQw==
X-Gm-Message-State: AOJu0YyHm8m/KMjGBLOf7pOaLt3o6Oxn5Wq3SXlH58/dswHDlaZ/v5F5
 MfNt4wwayb8CmqcZKDkHHQNRzaR87MEOh0qSg6GWmQ2dqXV270Vpao5uEaIRXrx0rPr6P98HGie
 O
X-Google-Smtp-Source: AGHT+IGt7E/kGevigHOzvcrFT5Cgn1kecl0ocjqlU1ZWYM/WSHFeKUwO5Caz/iSoAaNQgeDEOs8O0Q==
X-Received: by 2002:a17:90a:d40c:b0:2e2:cd6b:c6ca with SMTP id
 98e67ed59e1d1-2ea063a32dfmr463965a91.25.1731549256307; 
 Wed, 13 Nov 2024 17:54:16 -0800 (PST)
Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2ea02496eedsm210050a91.18.2024.11.13.17.54.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 13 Nov 2024 17:54:15 -0800 (PST)
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
 Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH v2 1/8] eal: introduce new secure memory fill
Date: Wed, 13 Nov 2024 17:52:15 -0800
Message-ID: <20241114015405.77060-2-stephen@networkplumber.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241114015405.77060-1-stephen@networkplumber.org>
References: <20241114011129.451243-1-stephen@networkplumber.org>
 <20241114015405.77060-1-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

When memset() is used before a release function such as free,
the compiler if allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.

Introduce a DPDK wrapper which is equivalent to the C++ memset_s
function.  Naming chosen to be similar to kernel.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/eal/include/rte_string_fns.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/lib/eal/include/rte_string_fns.h b/lib/eal/include/rte_string_fns.h
index 702bd81251..bf6052c547 100644
--- a/lib/eal/include/rte_string_fns.h
+++ b/lib/eal/include/rte_string_fns.h
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <rte_atomic.h>
 #include <rte_common.h>
 #include <rte_compat.h>
 
@@ -149,6 +150,32 @@ rte_str_skip_leading_spaces(const char *src)
 	return p;
 }
 
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Fill memory with constant byte but can not be optimized away.
+ * Use as a replacement for memset() for sensitive information.
+ *
+ * @param dst
+ *   target buffer
+ * @param ch
+ *   byte to fill
+ * @param sz
+ *   number of bytes to fill
+ *
+ * @return
+ *  like memset() returns a pointer th the memory area dst.
+ */
+__rte_experimental
+static inline void *
+rte_memset_sensative(void *dst, int ch, size_t sz)
+{
+	void *ret = memset(dst, ch, sz);
+	rte_compiler_barrier();
+	return ret;
+}
+
 #ifdef __cplusplus
 }
 #endif
-- 
2.45.2