From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id A558845CFC;
	Thu, 14 Nov 2024 03:37:55 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 2C7A5427B9;
	Thu, 14 Nov 2024 03:37:53 +0100 (CET)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mails.dpdk.org (Postfix) with ESMTP id 9A15340268
 for <dev@dpdk.org>; Thu, 14 Nov 2024 03:37:50 +0100 (CET)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-71e79f73aaeso56604b3a.3
 for <dev@dpdk.org>; Wed, 13 Nov 2024 18:37:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1731551870;
 x=1732156670; darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=WUz55kTb6ieZGYd20exCk7Wwf++z1xP6TioOVgc2pik=;
 b=qH8X0/n1Lcjqa7ii5Lq6V/kI4O/NJigD0MTl8XsS0QUjaFRCbrXRHOrItjhQVZQUjO
 c131s+3GBymqcCHOiUbxQXc7u5xgxJ9UmIn7xKT6POz3R4H78fVjmW6MI+d3GnVhTuea
 TNNbPKu0EjnFoTXJHfSUzY1vLoIBsTYq1latZ0mgwBbdLQquxXwER2bgkcy4SUph8NAk
 Ie/wg+KiBsKwb9QquqgpYDVg63a+ieB+bqqm80ZqHigDualGGGX9fMc7r4ARrcTieug+
 V81xQ0SqYHX36l+cIL358F16c3wDGDjWnR3xJky8snNJOBuKgOsXOGohMTpgUlQ48SJ1
 oikg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1731551870; x=1732156670;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=WUz55kTb6ieZGYd20exCk7Wwf++z1xP6TioOVgc2pik=;
 b=Y8zHlyxOmAaibnTFogN3RG9T2aljJjKAI1YpHrLk1c8YJNzbZWCqr3tfrKQOqF+qQd
 yrqMlFXPlTSAl/XhDnv8D/Ds0TfeDGWHePoR6xbqBPL0Dx1GmsdJ5FCbqnQVTXd7sYaY
 6I30/TZ1nI5RmrElLdI63UfDM3i+7SQLuyr64qMoi+1+YXv9KxbdjXl93uVY4ZovmZ2w
 dAsO2V3DOjuIQ9qpKFR45gJUrWRW4Rq+O0f2yMEVM+oHlzuyu3JoF8/saxE7UoDnDF5I
 6odFyHFbGTqRdmZnyc+oHR8dyFcJKLvilz9DmVDyXPgQLhzvpQP6l1s7cQmj9ny99V+t
 1wdg==
X-Gm-Message-State: AOJu0YxyWCI8fybEOnrYJaiM1frmKrPNICMcSzpBLC/c5pUuTKjifWr/
 n3D5H7WiW3nzMYCMgdHzDPl+BDmTepXuP+082ekXgO6OFl9WdyVJq96wvbAAcNgKxzE5Ec/dT8c
 E
X-Google-Smtp-Source: AGHT+IEU7FN1prFVC5w3eK+Xl+CJzaEKopdUi4qTqkRHVORCS6+6iCvGbCbv0tG0FHADD1OHriOtVA==
X-Received: by 2002:a05:6a00:23c4:b0:71e:55e2:2c54 with SMTP id
 d2e1a72fcca58-724132be6a7mr28973834b3a.12.1731551869631; 
 Wed, 13 Nov 2024 18:37:49 -0800 (PST)
Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7246a5d2bb5sm150976b3a.29.2024.11.13.18.37.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 13 Nov 2024 18:37:49 -0800 (PST)
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
 Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH v3 01/11] eal: introduce new secure memory fill
Date: Wed, 13 Nov 2024 18:35:50 -0800
Message-ID: <20241114023738.141821-2-stephen@networkplumber.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241114023738.141821-1-stephen@networkplumber.org>
References: <20241114011129.451243-1-stephen@networkplumber.org>
 <20241114023738.141821-1-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

When memset() is used before a release function such as free,
the compiler if allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.

Introduce a DPDK wrapper which is equivalent to the C++ memset_s
function.  Naming chosen to be similar to kernel.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/eal/include/rte_string_fns.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/lib/eal/include/rte_string_fns.h b/lib/eal/include/rte_string_fns.h
index 702bd81251..4874703957 100644
--- a/lib/eal/include/rte_string_fns.h
+++ b/lib/eal/include/rte_string_fns.h
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <rte_atomic.h>
 #include <rte_common.h>
 #include <rte_compat.h>
 
@@ -149,6 +150,32 @@ rte_str_skip_leading_spaces(const char *src)
 	return p;
 }
 
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Fill memory with constant byte but can not be optimized away.
+ * Use as a replacement for memset() for sensitive information.
+ *
+ * @param dst
+ *   target buffer
+ * @param ch
+ *   byte to fill
+ * @param sz
+ *   number of bytes to fill
+ *
+ * @return
+ *  like memset() returns a pointer th the memory area dst.
+ */
+__rte_experimental
+static inline void *
+rte_memset_sensitive(void *dst, int ch, size_t sz)
+{
+	void *ret = memset(dst, ch, sz);
+	rte_compiler_barrier();
+	return ret;
+}
+
 #ifdef __cplusplus
 }
 #endif
-- 
2.45.2