Bug 82041

Summary: memset optimized out in random.c
Product: Drivers Reporter: zatimend
Component: OtherAssignee: drivers_other
Status: NEW ---    
Severity: normal CC: adobriyan, alan, hannes, ucelsanicin
Priority: P1    
Hardware: x86-64   
OS: Linux   
Kernel Version: 3.16 Subsystem:
Regression: No Bisected commit-id:
Attachments: force memset calls

Description zatimend 2014-08-09 17:33:10 UTC 
When looking at drivers/char/random.c, I noticed in the compile output the 
code for memset() had been optimized out. This is normal action of GCC for 
variables which are about to go out of scope. This causes a small security 
risk as sensitive data is not cleared after use.

Found by looking at the output of objdump -S random.o, functions
extract_buf, extract_entropy, extract_entropy_user

Kernel 3.16 (gentoo), GCC 4.8.3, on a Intel i7 (X86_64) processor.
Comment 1 Alexey Dobriyan 2014-08-12 11:47:34 UTC 
same issue all over crypto/ as well
Comment 2 Alan 2014-08-21 18:19:05 UTC 
Probably we need a memset_me_harder() that ensures gcc knows to behave (casting to volatile perhaps ?)
Comment 3 hannes 2014-08-25 17:16:10 UTC 
Created attachment 148081 [details]
force memset calls