|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] x86/tboot: actually wipe contexts
commit b08600e2d6b58eca29d72f6cb6672a5cba5baed4
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Dec 12 12:27:30 2022 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 12 12:27:30 2022 +0100
x86/tboot: actually wipe contexts
Especially with our use of __builtin_memset() to implement memset() the
compiler is free to eliminate instances when it can prove that the
affected object is dead. Introduce a small helper function accompanying
the memset() with a construct forcing the compiler to retain the
clearing of (stack) memory.
Fixes: c021c95498d9 ("x86: Replace our own specialised versions of memset
and memcpy with")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
xen/arch/x86/tboot.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 68bee222dd..90f6e805a9 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -179,6 +179,17 @@ static void update_iommu_mac(vmac_ctx_t *ctx, uint64_t
pt_maddr, int level)
#define is_page_in_use(page) \
(page_state_is(page, inuse) || page_state_is(page, offlining))
+/* Wipe ctx to ensure key is not left in memory. */
+static void wipe_ctx(vmac_ctx_t *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ /*
+ * Make sure the compiler won't optimize out the memset(), for the local
+ * variable (at the call sites) going out of scope right afterwards.
+ */
+ asm volatile ( "" :: "m" (*ctx) );
+}
+
static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
vmac_t *mac)
{
@@ -216,8 +227,7 @@ static void tboot_gen_domain_integrity(const uint8_t
key[TB_KEY_SIZE],
*mac = vmac(NULL, 0, nonce, NULL, &ctx);
- /* wipe ctx to ensure key is not left in memory */
- memset(&ctx, 0, sizeof(ctx));
+ wipe_ctx(&ctx);
}
static void tboot_gen_xenheap_integrity(const uint8_t key[TB_KEY_SIZE],
@@ -247,8 +257,7 @@ static void tboot_gen_xenheap_integrity(const uint8_t
key[TB_KEY_SIZE],
}
*mac = vmac(NULL, 0, nonce, NULL, &ctx);
- /* wipe ctx to ensure key is not left in memory */
- memset(&ctx, 0, sizeof(ctx));
+ wipe_ctx(&ctx);
}
static void tboot_gen_frametable_integrity(const uint8_t key[TB_KEY_SIZE],
@@ -276,8 +285,7 @@ static void tboot_gen_frametable_integrity(const uint8_t
key[TB_KEY_SIZE],
*mac = vmac(NULL, 0, nonce, NULL, &ctx);
- /* wipe ctx to ensure key is not left in memory */
- memset(&ctx, 0, sizeof(ctx));
+ wipe_ctx(&ctx);
}
void tboot_shutdown(uint32_t shutdown_type)
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |