Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

need secure memset/memzero #63

Closed
rurban opened this issue Dec 24, 2018 · 0 comments
Closed

need secure memset/memzero #63

rurban opened this issue Dec 24, 2018 · 0 comments
Assignees
@rurban
Labels
bug

Comments

@rurban
Copy link
Owner

rurban commented Dec 24, 2018
edited
Loading

See SecureZeroMemory, but the mingw variant misses an compiler barrier and memory barrier (a full mfence).
This is a winnt.h/WinBase.h macro to an inlined (header-only) RtlSecureZeroMemory, which is a worse version than our mem_prim_set(). See the mingw sources. The compiler barrier might be there with the volatile dest, but this is a big maybe. It just uses a volatile dest and then loops by char. On x86_64 it uses stosb. Our implementation is much better for larger sizes, and equally secure.

On glibc maybe try explicit_bzero, elsewhere use a volatile dest to avoid compiler optimizations skip the memset_s/memzero_s/mem_prim_set call.

But explicit_bzero is just a memset with a barrier:

memset (s, '\0', len);
/* Compiler barrier.  */
asm volatile ("" ::: "memory");

Since most speculative CPU's are broken regarding out of order memory insns, prefer mfence over the simple compiler barrier. (Spectre, Meltdown). We need to ensure that no load can be done on stored memset's to avoid leaking private/secure data. A compiler barrier just ensures that the compiler will not re-order a load before the store, and will dump all regs to memory. But we have a HW problem also.

See e.g.
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
better memset_s, memzero_s, mem_prim_set* (#63)
dad5154 
on Windows try SecureZeroMemory,
on glibc try explicit_bzero,
elsewhere use a volatile dest to avoid
compiler optimizations skip the memset_s/memzero_s/mem_prim_set call.

See e.g. https://wiki.sei.cmu.edu/confluence/display/c/MSC06-C.+Beware+of+compiler+optimization
or https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9788.html
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
no SecureZeroMemory (#63)
e70f26f 
This is a winnt.h/WinBase.h macro to an inlined (header-only)
RtlSecureZeroMemory, which is a worse version than our
mem_prim_set(). See the mingw sources.
It just uses a volatile dest and then loops by char. On x86_64 it uses
stosb. Our implementation is much better for larger sizes, and equally secure.

Revert part of 7e5e117
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
memset_s: add memory fences (#63)
c2afc7a 
Similar to glibc explicit_bzero()
See also https://stackoverflow.com/questions/20316124/does-it-make-any-sense-to-use-the-lfence-instruction-on-x86-x86-64-processors
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
memset_s: more memory_barrier insns per arch (#63)
2ae7e2b 
check various memory_barrier insns (mfence, sfence, lwsync, membar,
lock..., memory_barrier) and use it for the memset primitives
to reliably sync memory stores with possibly re-ordered loads.
Spectre, Meltdown.
Note that glibc explicit_bzero only does a simple compiler barrier,
which is not Spectre, Meltdown secure.
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
memset_s: more memory_barrier insns per arch (#63)
f26bd27 
check various memory_barrier insns (mfence, sfence, lwsync, membar,
lock..., memory_barrier) and use it for the memset primitives
to reliably sync memory stores with possibly re-ordered loads.
Spectre, Meltdown.
Note that glibc explicit_bzero only does a simple compiler barrier,
which is not Spectre, Meltdown secure.
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
memset_s: more memory_barrier insns per arch (#63)
59c6b4a 
check various memory_barrier insns (mfence, sfence, lwsync, membar,
lock..., memory_barrier) and use it for the memset primitives
to reliably sync memory stores with possibly re-ordered loads.
Spectre, Meltdown.
Note that glibc explicit_bzero only does a simple compiler barrier,
which is not Spectre, Meltdown secure.
rurban added a commit that referenced this issue Dec 24, 2018
@rurban
memset_s: more memory_barrier insns per arch (#63)
83ffe01 
check various memory_barrier insns (mfence, sfence, lwsync, membar,
lock..., memory_barrier) and use it for the memset primitives
to reliably sync memory stores with possibly re-ordered loads.
Spectre, Meltdown.
Note that glibc explicit_bzero only does a simple compiler barrier,
which is not Spectre, Meltdown secure.
@rurban rurban self-assigned this Dec 24, 2018
@rurban rurban added the bug label Dec 24, 2018
@rurban rurban closed this as completed Dec 25, 2018
@rurban rurban mentioned this issue Jan 23, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rurban rurban

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rurban