From: "Zack Weinberg" <zack@owlfolio.org>
To: "Paul Eggert" <eggert@cs.ucla.edu>,
"Mikulas Patocka" <mpatocka@redhat.com>,
"H . J . Lu" <hjl.tools@gmail.com>
Cc: "GNU libc development" <libc-alpha@sourceware.org>,
"Zdenek Kabelac" <zkabelac@redhat.com>,
"Ondrej Kozina" <okozina@redhat.com>,
"Milan Broz" <gmazyland@gmail.com>,
dm-devel@lists.linux.dev
Subject: Re: memcpy is leaking secret data through ZMM vector registers
Date: Fri, 19 Apr 2024 14:47:40 -0400 [thread overview]
Message-ID: <d387436c-8c35-4f51-bf49-dc02d829c73a@app.fastmail.com> (raw)
In-Reply-To: <9cefd07d-2940-4865-bd77-3dd0899a539f@cs.ucla.edu>
On Fri, Apr 19, 2024, at 2:45 PM, Paul Eggert wrote:
> On 4/19/24 11:04, Mikulas Patocka wrote:
>> There's already "explicit_bzero", so maybe we could add
>> "explicit_memcpy"
>
> Where would this stop? Wouldn't we also need explicit_memcmp,
> explicit_memmove, explicit_mempcpy, etc.? Pretty much any function that
> looks at memory could have the problem. Even C source code that doesn't
> invoke any C library function could have the problem.
As I recall, one of the arguments for _not_ adding explicit_bzero to glibc
was that we couldn't guarantee copies of the secret data wouldn't hang
around in registers.
Is a hypothetical function __attribute__((clear_call_clobbered_regs_on_exit))
what we need here instead, maybe?
zw
next prev parent reply other threads:[~2024-04-19 18:48 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 14:07 memcpy is leaking secret data through ZMM vector registers Mikulas Patocka
2024-04-19 14:19 ` H.J. Lu
2024-04-19 14:24 ` Mikulas Patocka
2024-04-19 14:37 ` H.J. Lu
2024-04-19 18:04 ` Mikulas Patocka
2024-04-19 18:45 ` Paul Eggert
2024-04-19 18:47 ` Zack Weinberg [this message]
2024-04-19 18:53 ` Alexander Monakov
2024-04-19 19:11 ` Zack Weinberg
2024-04-19 20:15 ` Mikulas Patocka
2024-04-19 20:31 ` Zack Weinberg
2024-04-19 21:11 ` Mikulas Patocka
2024-04-19 23:27 ` Florian Weimer
2024-04-20 3:29 ` Zack Weinberg
2024-04-21 1:20 ` Andreas K. Huettel
2024-04-22 9:33 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d387436c-8c35-4f51-bf49-dc02d829c73a@app.fastmail.com \
--to=zack@owlfolio.org \
--cc=dm-devel@lists.linux.dev \
--cc=eggert@cs.ucla.edu \
--cc=gmazyland@gmail.com \
--cc=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=mpatocka@redhat.com \
--cc=okozina@redhat.com \
--cc=zkabelac@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).