From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id C895D45D07;
	Thu, 14 Nov 2024 19:45:08 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id CF79942ED4;
	Thu, 14 Nov 2024 19:45:06 +0100 (CET)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43]) by mails.dpdk.org (Postfix) with ESMTP id C9B2242ECB
 for <dev@dpdk.org>; Thu, 14 Nov 2024 19:45:03 +0100 (CET)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-2e2e8c8915eso808912a91.3
 for <dev@dpdk.org>; Thu, 14 Nov 2024 10:45:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1731609903;
 x=1732214703; darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=WUz55kTb6ieZGYd20exCk7Wwf++z1xP6TioOVgc2pik=;
 b=bOXWyIv0yvfxsIfkVmemGsXoKxPQI3hL4yh+LA2Lgei2oG3AaEBPshLk4aPzB4wnjx
 znLXMbJ8MvE/xAZ3RqbKZO2yiQaGu0rCn+LMIdzowCpMyPix8var4juiZowxAQJH6/Bv
 N/NPiAigMesph8gVpam68kUYyrFG8fhMSHAsKTzJdj5SC99nNNdAC5/0Hcic+lz7BFFK
 Qho4T5YYtm75HVBlw+LFQUUETbI8J5WxfwgKu1ppYvVWv66+9VCGYrygU5tT1SR3HA33
 XmGeskJt2GSLiKxIyBgLr77NBJkC/TFKwOnLE7KhUzVRQPsUTZl2cDtsWI7ZJ2UjDVuF
 WM6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1731609903; x=1732214703;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=WUz55kTb6ieZGYd20exCk7Wwf++z1xP6TioOVgc2pik=;
 b=VDU6ej5EE2fSJJDp8FG5XIF8/DSVXef/NEKfFwtfWHoH1OY4PpHULYYf+nusJMKWtr
 62HzgmWrt5BNNLjGXbsU8NEKEjYAXh4jQhIV7LxRWcKHVFKKxHYKWmazBzNmGIm3wv9L
 9sgADUtZGGthWrwcom3Kr1NdHCm5oAv0XGJnI1u7qIfMidGyQHi3itQsxQfoTaGJTR/g
 MMqMp1tcvwNSFE0bOwyOXFnPzCjoVCH5DF84oRVYjF9bkxQynVcQtEMGj2vtLIjHrLaH
 S+te0F8lLKmmH4GoBsuqkjxkB/HI12XpeuM5DueBaC14Gyl/RIc6lKr3hEx6e96xhjkj
 l6Xg==
X-Gm-Message-State: AOJu0YzCrqZq6GPqdPAPkgLnmrt4IXPYk+FG/yNVtGIIQ688cgUluD7l
 jFu6nJShldk/gJ3wlKxfApY3Y6QBj/uG4ESVwn5tQnFwUtcY0ZE21uaSu3nhX+k1fJFxdG903ZO
 SncU=
X-Google-Smtp-Source: AGHT+IG+uE3YyMCpo18hb0ns2tkRUcr8ZRmNlu1HiPjIBzVDwvvjV0axFK1FxpPyCkfZ1qG3JccjCw==
X-Received: by 2002:a17:90a:d005:b0:2e0:9d3e:bc2a with SMTP id
 98e67ed59e1d1-2ea06a654demr3209221a91.32.1731609902821; 
 Thu, 14 Nov 2024 10:45:02 -0800 (PST)
Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2ea06ef71a6sm1517611a91.8.2024.11.14.10.45.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 14 Nov 2024 10:45:02 -0800 (PST)
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
 Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH v4 01/12] eal: introduce new secure memory fill
Date: Thu, 14 Nov 2024 10:43:23 -0800
Message-ID: <20241114184452.31854-2-stephen@networkplumber.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241114184452.31854-1-stephen@networkplumber.org>
References: <20241114011129.451243-1-stephen@networkplumber.org>
 <20241114184452.31854-1-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

When memset() is used before a release function such as free,
the compiler if allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.

Introduce a DPDK wrapper which is equivalent to the C++ memset_s
function.  Naming chosen to be similar to kernel.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/eal/include/rte_string_fns.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/lib/eal/include/rte_string_fns.h b/lib/eal/include/rte_string_fns.h
index 702bd81251..4874703957 100644
--- a/lib/eal/include/rte_string_fns.h
+++ b/lib/eal/include/rte_string_fns.h
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <rte_atomic.h>
 #include <rte_common.h>
 #include <rte_compat.h>
 
@@ -149,6 +150,32 @@ rte_str_skip_leading_spaces(const char *src)
 	return p;
 }
 
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Fill memory with constant byte but can not be optimized away.
+ * Use as a replacement for memset() for sensitive information.
+ *
+ * @param dst
+ *   target buffer
+ * @param ch
+ *   byte to fill
+ * @param sz
+ *   number of bytes to fill
+ *
+ * @return
+ *  like memset() returns a pointer th the memory area dst.
+ */
+__rte_experimental
+static inline void *
+rte_memset_sensitive(void *dst, int ch, size_t sz)
+{
+	void *ret = memset(dst, ch, sz);
+	rte_compiler_barrier();
+	return ret;
+}
+
 #ifdef __cplusplus
 }
 #endif
-- 
2.45.2