Bug 82041 - memset optimized out in random.c
Summary: memset optimized out in random.c
Status: NEW
Alias: None
Product: Drivers
Classification: Unclassified
Component: Other (show other bugs)
Hardware: x86-64 Linux
: P1 normal
Assignee: drivers_other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-09 17:33 UTC by zatimend
Modified: 2014-08-25 17:16 UTC (History)
3 users (show)

See Also:
Kernel Version: 3.16
Tree: Mainline
Regression: No


Attachments
force memset calls (1.81 KB, patch)
2014-08-25 17:16 UTC, hannes
Details | Diff

Description zatimend 2014-08-09 17:33:10 UTC
When looking at drivers/char/random.c, I noticed in the compile output the 
code for memset() had been optimized out. This is normal action of GCC for 
variables which are about to go out of scope. This causes a small security 
risk as sensitive data is not cleared after use.

Found by looking at the output of objdump -S random.o, functions
extract_buf, extract_entropy, extract_entropy_user

Kernel 3.16 (gentoo), GCC 4.8.3, on a Intel i7 (X86_64) processor.
Comment 1 Alexey Dobriyan 2014-08-12 11:47:34 UTC
same issue all over crypto/ as well
Comment 2 Alan 2014-08-21 18:19:05 UTC
Probably we need a memset_me_harder() that ensures gcc knows to behave (casting to volatile perhaps ?)
Comment 3 hannes 2014-08-25 17:16:10 UTC
Created attachment 148081 [details]
force memset calls

Note You need to log in before you can comment on or make changes to this bug.