From: Stephen Hemminger <stephen@networkplumber.org>
To: fengchengwen <fengchengwen@huawei.com>
Cc: <dev@dpdk.org>, Anatoly Burakov <anatoly.burakov@intel.com>,
Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: Re: [PATCH v5 02/11] eal: add new secure free function
Date: Tue, 11 Feb 2025 22:46:25 -0800 [thread overview]
Message-ID: <20250211224625.4ed4f058@hermes.local> (raw)
In-Reply-To: <49539947-48de-415e-b968-776eab0f3797@huawei.com>
On Wed, 12 Feb 2025 10:01:13 +0800
fengchengwen <fengchengwen@huawei.com> wrote:
> On 2025/2/12 1:35, Stephen Hemminger wrote:
> > Although internally rte_free does poison the buffer in most
> > cases, it is useful to have function that explicitly does
> > this to avoid any security issues.
> >
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > ---
> > lib/eal/common/rte_malloc.c | 30 ++++++++++++++++++++++++------
> > lib/eal/include/rte_malloc.h | 18 ++++++++++++++++++
> > lib/eal/version.map | 3 +++
> > 3 files changed, 45 insertions(+), 6 deletions(-)
> >
> > diff --git a/lib/eal/common/rte_malloc.c b/lib/eal/common/rte_malloc.c
> > index 3eed4d4be6..c9e0f4724f 100644
> > --- a/lib/eal/common/rte_malloc.c
> > +++ b/lib/eal/common/rte_malloc.c
> > @@ -15,6 +15,7 @@
> > #include <rte_eal_memconfig.h>
> > #include <rte_common.h>
> > #include <rte_spinlock.h>
> > +#include <rte_string_fns.h>
> >
> > #include <eal_trace_internal.h>
> >
> > @@ -27,27 +28,44 @@
> >
> >
> > /* Free the memory space back to heap */
> > -static void
> > -mem_free(void *addr, const bool trace_ena)
> > +static inline void
> > +mem_free(void *addr, const bool trace_ena, bool zero)
> > {
> > + struct malloc_elem *elem;
> > +
> > if (trace_ena)
> > rte_eal_trace_mem_free(addr);
> >
> > - if (addr == NULL) return;
> > - if (malloc_heap_free(malloc_elem_from_data(addr)) < 0)
> > + if (addr == NULL)
> > + return;
> > +
> > + elem = malloc_elem_from_data(addr);
> > + if (zero) {
> > + size_t data_len = elem->size - MALLOC_ELEM_OVERHEAD;
>
> this will make rte_malloc know the layout of malloc-elem.
> Prefer to add extra paramter, e.g. malloc_heap_free(elem, bool zero)
Don't understand, these are functions inside the rte_malloc implementation file.
The layout of malloc_elem is already known here and nothing visible in API or ABI is changing.
>
> > +
> > +/**
> > + * Frees the memory space pointed to by the provided pointer
> > + * and guarantees it will be zero'd before reuse.
> > + *
> > + * This pointer must have been returned by a previous call to
> > + * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
> > + * rte_free() is undefined if the pointer does not match this requirement.
>
> Suggest add notice: The value may be cleared twice, which affects the performance.
That could easily change with a little work, this is only for crypto keys
so performance doesn't matter.
> > + *
> > + * If the pointer is NULL, the function does nothing.
> > + *
> > + * @param ptr
> > + * The pointer to memory to be freed.
> > + */
> > +__rte_experimental
> > +void
> > +rte_free_sensitive(void *ptr);
>
> one line is OK.
> void rte_free_sensitive(void *ptr);
Yes it could be on one line, and more compact is my preferred style.
But other functions in this file and DPDK style guide say it should be on its own line.
next prev parent reply other threads:[~2025-02-12 6:46 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-14 1:10 [PATCH 0/3] introduce rte_memset_sensative Stephen Hemminger
2024-11-14 1:10 ` [PATCH 1/3] eal: " Stephen Hemminger
2024-11-14 1:10 ` [PATCH 2/3] crypto/qat: use rte_memset_sensative Stephen Hemminger
2024-11-14 1:10 ` [PATCH 3/3] eal: add rte_free_sensative Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 0/8] memset security handling Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 1/8] eal: introduce new secure memory fill Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 2/8] eal: add new secure free function Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 3/8] crypto/qat: force zero of keys Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 4/8] crypto/qat: fix size calculation for memset Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 5/8] crypto/qat: use secure memset Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 6/8] bus/uacce: remove memset before free Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 7/8] compress/octeontx: remove unnecessary memset Stephen Hemminger
2024-11-14 1:52 ` [PATCH v2 8/8] test: remove unneeded memset Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 00/11] memset security handling Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 01/11] eal: introduce new secure memory fill Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 02/11] eal: add new secure free function Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 03/11] crypto/qat: force zero of keys Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 04/11] crypto/qat: fix size calculation for memset Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 05/11] crypto/qat: use secure memset Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 06/11] bus/uacce: remove memset before free Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 07/11] compress/octeontx: remove unnecessary memset Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 08/11] test: remove unneeded memset Stephen Hemminger
2024-11-14 2:35 ` [PATCH v3 09/11] net/ntnic: remove unnecessary void cast Stephen Hemminger
2024-11-17 18:16 ` Serhii Iliushyk
2024-11-14 2:35 ` [PATCH v3 10/11] net/ntnic: check result of malloc Stephen Hemminger
2024-11-17 18:24 ` Serhii Iliushyk
2024-11-14 2:36 ` [PATCH v3 11/11] net/ntnic: remove unnecessary memset Stephen Hemminger
2024-11-17 18:26 ` Serhii Iliushyk
2024-11-14 18:43 ` [PATCH v4 00/12] memset security fixes Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 01/12] eal: introduce new secure memory fill Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 02/12] eal: add new secure free function Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 03/12] crypto/qat: force zero of keys Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 04/12] crypto/qat: fix size calculation for memset Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 05/12] crypto/qat: use secure memset Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 06/12] bus/uacce: remove memset before free Stephen Hemminger
2024-11-15 6:04 ` fengchengwen
2024-11-14 18:43 ` [PATCH v4 07/12] compress/octeontx: remove unnecessary memset Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 08/12] test: remove unneeded memset Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 09/12] net/ntnic: remove unnecessary void cast Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 10/12] net/ntnic: check result of malloc Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 11/12] net/ntnic: remove unnecessary memset Stephen Hemminger
2024-11-14 18:43 ` [PATCH v4 12/12] devtools/cocci: add script to find problematic memset Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 00/11] memset security fixes Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 01/11] eal: introduce new secure memory fill Stephen Hemminger
2025-02-12 1:37 ` fengchengwen
2025-02-12 9:09 ` Morten Brørup
2025-02-11 17:35 ` [PATCH v5 02/11] eal: add new secure free function Stephen Hemminger
2025-02-12 2:01 ` fengchengwen
2025-02-12 6:46 ` Stephen Hemminger [this message]
2025-02-11 17:35 ` [PATCH v5 03/11] crypto/qat: force zero of keys Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 04/11] crypto/qat: fix size calculation for memset Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 05/11] crypto/qat: use secure memset Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 06/11] bus/uacce: remove memset before free Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 07/11] compress/octeontx: remove unnecessary memset Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 08/11] test: remove unneeded memset Stephen Hemminger
2025-02-12 1:40 ` fengchengwen
2025-02-11 17:35 ` [PATCH v5 09/11] net/ntnic: check result of malloc Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 10/11] net/ntnic: remove unnecessary memset Stephen Hemminger
2025-02-11 17:35 ` [PATCH v5 11/11] devtools/cocci: add script to find problematic memset Stephen Hemminger
2025-02-11 20:59 ` [PATCH v5 00/11] memset security fixes Patrick Robb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250211224625.4ed4f058@hermes.local \
--to=stephen@networkplumber.org \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=fengchengwen@huawei.com \
--cc=roretzla@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).