msg/async: audit memset & bzero users for FIPS.

CONFLICT src/msg/async/rdma/Infiniband.cc: some parts of
the memset audit made for master were conflicted with
nautilus, and thus have been stripped.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit 38084250115fc15df221c94535b0223a8cab0634)

diff --git a/src/msg/async/Event.h b/src/msg/async/Event.h
index abd27845c88ce0ad098450bd485d4b4d3f177a45..6736060ea1a0f1310f8622d936aee004f55038e5 100644 (file)
--- a/src/msg/async/Event.h
+++ b/src/msg/async/Event.h
@@ -95,6 +95,7 @@ class EventCenter {
   struct AssociatedCenters {
     EventCenter *centers[MAX_EVENTCENTER];
     AssociatedCenters() {
+      // FIPS zeroization audit 20191115: this memset is not security related.
       memset(centers, 0, MAX_EVENTCENTER * sizeof(EventCenter*));
     }
   };

diff --git a/src/msg/async/PosixStack.cc b/src/msg/async/PosixStack.cc
index 2757ce8b545e3c9b9527091b9c90be3eec0145c0..e9c8d4042a2b2892346c83a489821673473439aa 100644 (file)
--- a/src/msg/async/PosixStack.cc
+++ b/src/msg/async/PosixStack.cc
@@ -119,6 +119,7 @@ class PosixConnectedSocketImpl final : public ConnectedSocketImpl {
       struct iovec msgvec[IOV_MAX];
       uint64_t size = std::min<uint64_t>(left_pbrs, IOV_MAX);
       left_pbrs -= size;
+      // FIPS zeroization audit 20191115: this memset is not security related.
       memset(&msg, 0, sizeof(msg));
       msg.msg_iovlen = size;
       msg.msg_iov = msgvec;

diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc
index 06771d0de5b8b593e7bf0bab4c136cf210405f09..59071716066840d841065e0013c93f650dc99319 100644 (file)
--- a/src/msg/async/ProtocolV1.cc
+++ b/src/msg/async/ProtocolV1.cc
@@ -97,6 +97,7 @@ void ProtocolV1::connect() {
     authorizer = nullptr;
   }
   authorizer_buf.clear();
+  // FIPS zeroization audit 20191115: these memsets are not security related.
   memset(&connect_msg, 0, sizeof(connect_msg));
   memset(&connect_reply, 0, sizeof(connect_reply));
 
@@ -1500,6 +1501,7 @@ CtPtr ProtocolV1::handle_connect_message_write(int r) {
 CtPtr ProtocolV1::wait_connect_reply() {
   ldout(cct, 20) << __func__ << dendl;
 
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&connect_reply, 0, sizeof(connect_reply));
   return READ(sizeof(connect_reply), handle_connect_reply_1);
 }
@@ -1828,6 +1830,7 @@ CtPtr ProtocolV1::handle_client_banner(char *buffer, int r) {
 CtPtr ProtocolV1::wait_connect_message() {
   ldout(cct, 20) << __func__ << dendl;
 
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&connect_msg, 0, sizeof(connect_msg));
   return READ(sizeof(connect_msg), handle_connect_message_1);
 }
@@ -1892,6 +1895,7 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   ceph_msg_connect_reply reply;
   bufferlist authorizer_reply;
 
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&reply, 0, sizeof(reply));
   reply.protocol_version =
       messenger->get_proto_version(connection->peer_type, false);
@@ -2494,6 +2498,7 @@ CtPtr ProtocolV1::server_ready() {
                 << dendl;
 
   ldout(cct, 20) << __func__ << " accept done" << dendl;
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&connect_msg, 0, sizeof(connect_msg));
 
   if (connection->delay_state) {

diff --git a/src/msg/async/frames_v2.h b/src/msg/async/frames_v2.h
index b08943c5e5cc69cab5b696aba73adaf439d6217b..6827622d67ec14af0fba4069cc1e03250acaaea4 100644 (file)
--- a/src/msg/async/frames_v2.h
+++ b/src/msg/async/frames_v2.h
@@ -195,6 +195,7 @@ private:
     ceph_assert(std::size(segments) <= MAX_NUM_SEGMENTS);
 
     preamble_block_t main_preamble;
+    // FIPS zeroization audit 20191115: this memset is not security related.
     ::memset(&main_preamble, 0, sizeof(main_preamble));
 
     main_preamble.tag = static_cast<__u8>(T::tag);
@@ -263,6 +264,8 @@ public:
       // called auth tag) will be added by the cipher.
       {
         epilogue_secure_block_t epilogue;
+        // FIPS zeroization audit 20191115: this memset is not security
+        // related.
         ::memset(&epilogue, 0, sizeof(epilogue));
         ceph::bufferlist epilogue_bl;
         epilogue_bl.append(reinterpret_cast<const char*>(&epilogue),
@@ -273,6 +276,7 @@ public:
     } else {
       // plain mode
       epilogue_plain_block_t epilogue;
+      // FIPS zeroization audit 20191115: this memset is not security related.
       ::memset(&epilogue, 0, sizeof(epilogue));
 
       ceph::bufferlist::const_iterator hdriter(&segments.front(),

diff --git a/src/msg/async/rdma/Infiniband.cc b/src/msg/async/rdma/Infiniband.cc
index 858cdd1aa4df3842351e8fb95b95850665cfca62..34299975f27b7a4137c3d07cc22a5400e6b894ca 100644 (file)
--- a/src/msg/async/rdma/Infiniband.cc
+++ b/src/msg/async/rdma/Infiniband.cc
@@ -186,6 +186,7 @@ int Infiniband::QueuePair::init()
 {
   ldout(cct, 20) << __func__ << " started." << dendl;
   ibv_qp_init_attr qpia;
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&qpia, 0, sizeof(qpia));
   qpia.send_cq = txcq->get_cq();
   qpia.recv_cq = rxcq->get_cq();
@@ -607,6 +608,7 @@ int Infiniband::MemoryManager::Cluster::fill(uint32_t num)
   end = base + bytes;
   ceph_assert(base);
   chunk_base = static_cast<Chunk*>(::malloc(sizeof(Chunk) * num));
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(static_cast<void*>(chunk_base), 0, sizeof(Chunk) * num);
   free_chunks.reserve(num);
   ibv_mr* m = ibv_reg_mr(manager.pd->pd, base, bytes, IBV_ACCESS_REMOTE_WRITE | IBV_ACCESS_LOCAL_WRITE);
@@ -979,6 +981,7 @@ Infiniband::~Infiniband()
 ibv_srq* Infiniband::create_shared_receive_queue(uint32_t max_wr, uint32_t max_sge)
 {
   ibv_srq_init_attr sia;
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&sia, 0, sizeof(sia));
   sia.srq_context = device->ctxt;
   sia.attr.max_wr = max_wr;

diff --git a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
index bf9d072ef9a55019ef557e6e119b1fc3f587f58c..37a4eef4c03afddaac5e6827910e766a2a50225f 100644 (file)
--- a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
@@ -542,6 +542,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector<Chunk*> &tx_buffers)
   ibv_send_wr* pre_wr = NULL;
   uint32_t num = 0; 
 
+  // FIPS zeroization audit 20191115: these memsets are not security related.
   memset(iswr, 0, sizeof(iswr));
   memset(isge, 0, sizeof(isge));
  
@@ -588,6 +589,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector<Chunk*> &tx_buffers)
 
 void RDMAConnectedSocketImpl::fin() {
   ibv_send_wr wr;
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&wr, 0, sizeof(wr));
 
   wr.wr_id = reinterpret_cast<uint64_t>(qp);

diff --git a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
index ca39b09f26d4c98e123a51257d9194ea9039feb2..432c2d2bc0ca5ce438599b0d9da5f6683c6bee19 100644 (file)
--- a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
@@ -99,6 +99,7 @@ void RDMAIWARPConnectedSocketImpl::handle_cm_connection() {
       local_qpn = qp->get_local_qp_number();
       my_msg.qpn = local_qpn;
 
+      // FIPS zeroization audit 20191115: this memset is not security related.
       memset(&cm_params, 0, sizeof(cm_params));
       cm_params.retry_count = RETRY_COUNT;
       cm_params.qp_num = local_qpn;

diff --git a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
index 7ffb8fbe56a5178aea08db805cf32e99e9bfede3..210eaf003388b716e9c7c49fe72c9d0a7e5d5ed1 100644 (file)
--- a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
@@ -78,6 +78,7 @@ int RDMAIWARPServerSocketImpl::accept(ConnectedSocket *sock, const SocketOptions
   RDMAIWARPConnectedSocketImpl* server =
     new RDMAIWARPConnectedSocketImpl(cct, infiniband, dispatcher, dynamic_cast<RDMAWorker*>(w), &info);
 
+  // FIPS zeroization audit 20191115: this memset is not security related.
   memset(&local_conn_param, 0, sizeof(local_conn_param));
   local_conn_param.qp_num = server->get_local_qpn();