82041 – memset optimized out in random.c

Bug 82041 - memset optimized out in random.c

Summary: memset optimized out in random.c

Status:	NEW

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	x86-64 Linux

Importance:	P1 normal
Assignee:	drivers_other

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-08-09 17:33 UTC by zatimend
Modified:	2021-10-15 18:00 UTC (History)
CC List:	4 users (show)

See Also:
Kernel Version:	3.16
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
force memset calls (1.81 KB, patch) 2014-08-25 17:16 UTC, hannes	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description zatimend 2014-08-09 17:33:10 UTC

When looking at drivers/char/random.c, I noticed in the compile output the 
code for memset() had been optimized out. This is normal action of GCC for 
variables which are about to go out of scope. This causes a small security 
risk as sensitive data is not cleared after use.

Found by looking at the output of objdump -S random.o, functions
extract_buf, extract_entropy, extract_entropy_user

Kernel 3.16 (gentoo), GCC 4.8.3, on a Intel i7 (X86_64) processor.

Comment 1 Alexey Dobriyan 2014-08-12 11:47:34 UTC

same issue all over crypto/ as well

Comment 2 Alan 2014-08-21 18:19:05 UTC

Probably we need a memset_me_harder() that ensures gcc knows to behave (casting to volatile perhaps ?)

Comment 3 hannes 2014-08-25 17:16:10 UTC

Created attachment 148081 [details]
force memset calls

Note You need to log in before you can comment on or make changes to this bug.