There are several malloc tests and switching to the table
driven unit test runner improves readability and makes adding
new tests easier.
Signed-off-by: Stephen Hemminger
---
app/test/test_malloc.c | 166 +
1 file changed, 70 insertions(+), 96 deletions(-)
Script that converts memset before free into rte_memset_sensitive
and memset before rte_free into rte_free_sensitive
Signed-off-by: Stephen Hemminger
---
devtools/cocci/memset_free.cocci | 9 +
1 file changed, 9 insertions(+)
create mode 100644 devtools/cocci/memset_free.cocci
diff --g
Need to check the result of malloc() before calling memset.
This is the only place in this driver that forgot; other code
does check.
Fixes: 0d9bca480e26 ("net/ntnic: add FPGA modules for initialization")
cc: sta...@dpdk.org
Signed-off-by: Stephen Hemminger
---
drivers/net/ntnic/nthw/nthw_rac.c | 4
Calling memset before free() has no effect and will be flagged
by security parsing tools as a potential bug. None of these data
structures have sensitive information.
Signed-off-by: Stephen Hemminger
---
drivers/net/ntnic/nthw/core/nthw_hif.c| 5 +
drivers/net/ntnic/nthw/core
Since tmp is not used later in the function, this memset
is unnecessary. Even though this is harmless,
it causes tools that look for security issues
around memset to flag this as a bug.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
app/test/test_cmdline_cirbuf.c | 2 --
1 file ch
Just doing memset() on keys is not enough; the compiler can optimize
it away. Use new rte_memzero_explicit() and rte_free_sensitive().
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_sym_session.c | 33 ++--
1 file changed, 17 insertion
Calling memset before rte_free is not necessary, and could be
removed by the compiler. In this case, the data is not security
sensitive so the memset can be removed. Some security scanning
tools will flag this.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/compress/octeon
Doing memset before free may be removed by the compiler, and
is flagged by security scanning tools as a potential problem.
In this case the memset is unnecessary.
Signed-off-by: Stephen Hemminger
Acked-by: Chengwen Feng
---
drivers/bus/uacce/uacce.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/d
Regular memset may be removed by the compiler if done before a free
function. Use new rte_free_sensitive instead.
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_asym.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/crypto/qat/q
The memset was always doing 0 bytes since the size is computed later.
Link: https://pvs-studio.com/en/blog/posts/cpp/1179/
Fixes: 3a80d7fb2ecd ("crypto/qat: support SHA3 plain hash")
Cc: sta...@dpdk.org
Signed-off-by: Stephen Hemminger
Acked-by: Bruce Richardson
---
drivers/crypto/qat/qat_sym_sessio
Although internally rte_free does poison the buffer in most
cases, it is useful to have a function that explicitly does
this to avoid any security issues.
Name of new API is chosen to be similar to Linux kernel
kfree_sensitive() to make porting drivers easier.
Signed-off-by: Stephen Hemminger
Acke
A couple places in this code were generating warnings from
PVS Studio about memset potentially being ignored. This is because
the ipv6_buf was declared but never used.
Signed-off-by: Stephen Hemminger
---
drivers/common/cnxk/roc_npc_utils.c | 4
1 file changed, 4 deletions(-)
diff --git a/
Similar to test for rte_memset_explicit, use a worker thread
to free and then check the result.
Signed-off-by: Stephen Hemminger
---
app/test/test_malloc.c | 39 +++
1 file changed, 39 insertions(+)
diff --git a/app/test/test_malloc.c b/app/test/test_malloc.c
Add a new test for rte_memzero_explicit.
Test strategy is based off glibc bzero_explicit test which
is based off a test in the OpenBSD regression test suite.
Signed-off-by: Stephen Hemminger
---
app/test/test_string_fns.c | 56 ++
1 file changed, 56 insertions(+
When memset() is used before a release function such as free,
the compiler is allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.
Introduce a DPDK wrapper which uses the bzero_explicit function
o
Switching to unit test table makes it easier to add new tests.
Signed-off-by: Stephen Hemminger
---
app/test/test_string_fns.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/app/test/test_string_fns.c b/app/test/test_string_fns.c
index 3b311325dc..ce07c17
This series handles memset related bugs identified by PVS Studio.
The root cause is that Gcc and other compilers are free to
optimize away memset called before free. This is handled in
other libraries and OS's by the use of special versions of zeroing
and free.
v7 - use bzero_explicit
- add st
> From: Stephen Hemminger [mailto:step...@networkplumber.org]
> Sent: Friday, 14 February 2025 18.20
>
> This series adds common macros for safe iteration over lists.
> It is a subset copy of the macros from FreeBSD that are
> missing from the Linux header sys/queue.h
>
> Chose this over several
> +
> +/**
Missing:
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
> + * Frees the memory space pointed to by the provided pointer
> + * and guarantees it will be zero'd before reuse. Since this
> + * function is slower than simple rte_free() it should only
> + *
> From: Stephen Hemminger [mailto:step...@networkplumber.org]
> Sent: Thursday, 13 February 2025 23.16
>
> When memset() is used before a release function such as free,
> the compiler is allowed to optimize the memset away under
> the as-if rules. This is normally ok, but in certain cases such
> a
Acked-by: Hemant Agrawal