From 596f058fdfbc68cc907dab8f4658fff82a718efd Mon Sep 17 00:00:00 2001 From: Radoslaw Zarzynski Date: Fri, 15 Nov 2019 23:53:31 +0100 Subject: [PATCH] msg/async: audit memset & bzero users for FIPS. CONFLICT src/msg/async/rdma/Infiniband.cc: some parts of the memset audit made for master were conflicted with nautilus, and thus have been stripped. Signed-off-by: Radoslaw Zarzynski (cherry picked from commit 38084250115fc15df221c94535b0223a8cab0634) --- src/msg/async/Event.h | 1 + src/msg/async/PosixStack.cc | 1 + src/msg/async/ProtocolV1.cc | 5 +++++ src/msg/async/frames_v2.h | 4 ++++ src/msg/async/rdma/Infiniband.cc | 3 +++ src/msg/async/rdma/RDMAConnectedSocketImpl.cc | 2 ++ src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc | 1 + src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc | 1 + 8 files changed, 18 insertions(+) diff --git a/src/msg/async/Event.h b/src/msg/async/Event.h index abd27845c88ce..6736060ea1a0f 100644 --- a/src/msg/async/Event.h +++ b/src/msg/async/Event.h @@ -95,6 +95,7 @@ class EventCenter { struct AssociatedCenters { EventCenter *centers[MAX_EVENTCENTER]; AssociatedCenters() { + // FIPS zeroization audit 20191115: this memset is not security related. memset(centers, 0, MAX_EVENTCENTER * sizeof(EventCenter*)); } }; diff --git a/src/msg/async/PosixStack.cc b/src/msg/async/PosixStack.cc index 2757ce8b545e3..e9c8d4042a2b2 100644 --- a/src/msg/async/PosixStack.cc +++ b/src/msg/async/PosixStack.cc @@ -119,6 +119,7 @@ class PosixConnectedSocketImpl final : public ConnectedSocketImpl { struct iovec msgvec[IOV_MAX]; uint64_t size = std::min(left_pbrs, IOV_MAX); left_pbrs -= size; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&msg, 0, sizeof(msg)); msg.msg_iovlen = size; msg.msg_iov = msgvec; diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc index 06771d0de5b8b..5907171606684 100644 --- a/src/msg/async/ProtocolV1.cc +++ b/src/msg/async/ProtocolV1.cc 
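Review bot: The comment added in `AssociatedCenters()` (src/msg/async/Event.h) records the audit verdict but not the reason for it, so the verdict cannot be re-checked once the zeroed object changes. I would name what is being cleared, e.g. `// FIPS zeroization audit 20191115: clears an array of EventCenter pointers; no key material.` The same bare wording is repeated in every other hunk of this patch (PosixStack.cc, ProtocolV1.cc, frames_v2.h and the rdma/ files) and would benefit from the same one-clause reason.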
@@ -97,6 +97,7 @@ void ProtocolV1::connect() { authorizer = nullptr; } authorizer_buf.clear(); + // FIPS zeroization audit 20191115: these memsets are not security related. memset(&connect_msg, 0, sizeof(connect_msg)); memset(&connect_reply, 0, sizeof(connect_reply)); @@ -1500,6 +1501,7 @@ CtPtr ProtocolV1::handle_connect_message_write(int r) { CtPtr ProtocolV1::wait_connect_reply() { ldout(cct, 20) << __func__ << dendl; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&connect_reply, 0, sizeof(connect_reply)); return READ(sizeof(connect_reply), handle_connect_reply_1); } @@ -1828,6 +1830,7 @@ CtPtr ProtocolV1::handle_client_banner(char *buffer, int r) { CtPtr ProtocolV1::wait_connect_message() { ldout(cct, 20) << __func__ << dendl; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&connect_msg, 0, sizeof(connect_msg)); return READ(sizeof(connect_msg), handle_connect_message_1); } @@ -1892,6 +1895,7 @@ CtPtr ProtocolV1::handle_connect_message_2() { ceph_msg_connect_reply reply; bufferlist authorizer_reply; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&reply, 0, sizeof(reply)); reply.protocol_version = messenger->get_proto_version(connection->peer_type, false); @@ -2494,6 +2498,7 @@ CtPtr ProtocolV1::server_ready() { << dendl; ldout(cct, 20) << __func__ << " accept done" << dendl; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&connect_msg, 0, sizeof(connect_msg)); if (connection->delay_state) { diff --git a/src/msg/async/frames_v2.h b/src/msg/async/frames_v2.h index b08943c5e5cc6..6827622d67ec1 100644 --- a/src/msg/async/frames_v2.h +++ b/src/msg/async/frames_v2.h 
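Review bot: In the `ProtocolV1::connect()` hunk the new comment covers only the two memsets, yet the line directly above them is `authorizer_buf.clear();`, and a buffer with that name presumably carries authentication data. The commit title scopes the audit to memset and bzero users, so that call was never looked at, and a reader could take the comment as clearing the whole block. Suggest making the scope explicit: `// FIPS zeroization audit 20191115: these memsets are not security related (authorizer_buf above is outside this memset/bzero audit).` The body of connect() starts and ends outside the hunk.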
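Review bot: In `ProtocolV1::handle_connect_message_2()` the wording "not security related" is too broad for `memset(&reply, 0, sizeof(reply));`. `reply` is a stack `ceph_msg_connect_reply`, and if it is later written to the peer (the send is outside the hunk) this memset is what keeps uninitialised stack bytes off the wire. The comment should separate the two concerns so the call is not later removed as dead initialisation, e.g. `// FIPS zeroization audit 20191115: not key zeroization; keeps uninitialised bytes out of the reply.` The same applies to the frames_v2.h hunks, most visibly the secure-mode epilogue, where `epilogue_bl.append(reinterpret_cast(&epilogue),` shows the struct's raw bytes being copied into the frame.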
@@ -195,6 +195,7 @@ private: ceph_assert(std::size(segments) <= MAX_NUM_SEGMENTS); preamble_block_t main_preamble; + // FIPS zeroization audit 20191115: this memset is not security related. ::memset(&main_preamble, 0, sizeof(main_preamble)); main_preamble.tag = static_cast<__u8>(T::tag); @@ -263,6 +264,8 @@ public: // called auth tag) will be added by the cipher. { epilogue_secure_block_t epilogue; + // FIPS zeroization audit 20191115: this memset is not security + // related. ::memset(&epilogue, 0, sizeof(epilogue)); ceph::bufferlist epilogue_bl; epilogue_bl.append(reinterpret_cast(&epilogue), @@ -273,6 +276,7 @@ public: } else { // plain mode epilogue_plain_block_t epilogue; + // FIPS zeroization audit 20191115: this memset is not security related. ::memset(&epilogue, 0, sizeof(epilogue)); ceph::bufferlist::const_iterator hdriter(&segments.front(), diff --git a/src/msg/async/rdma/Infiniband.cc b/src/msg/async/rdma/Infiniband.cc index 858cdd1aa4df3..34299975f27b7 100644 --- a/src/msg/async/rdma/Infiniband.cc +++ b/src/msg/async/rdma/Infiniband.cc @@ -186,6 +186,7 @@ int Infiniband::QueuePair::init() { ldout(cct, 20) << __func__ << " started." << dendl; ibv_qp_init_attr qpia; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&qpia, 0, sizeof(qpia)); qpia.send_cq = txcq->get_cq(); qpia.recv_cq = rxcq->get_cq(); @@ -607,6 +608,7 @@ int Infiniband::MemoryManager::Cluster::fill(uint32_t num) end = base + bytes; ceph_assert(base); chunk_base = static_cast(::malloc(sizeof(Chunk) * num)); + // FIPS zeroization audit 20191115: this memset is not security related. memset(static_cast(chunk_base), 0, sizeof(Chunk) * num); free_chunks.reserve(num); ibv_mr* m = ibv_reg_mr(manager.pd->pd, base, bytes, IBV_ACCESS_REMOTE_WRITE | IBV_ACCESS_LOCAL_WRITE); 
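Review bot: The commit message says part of the master audit for src/msg/async/rdma/Infiniband.cc was stripped because of conflicts, but nothing in the file records that. On this branch a memset without an audit comment therefore cannot be told apart from one that was audited upstream and lost its annotation in the backport. Only three call sites are annotated in this patch (`QueuePair::init()`, `Cluster::fill()` and `create_shared_receive_queue()`). I would add a note near the top of the file such as `// FIPS zeroization audit 20191115: partial on this branch; memsets without an audit comment were not annotated in this backport.`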
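Review bot: In `Infiniband::MemoryManager::Cluster::fill()` the annotated memset writes through `chunk_base` straight after `::malloc(sizeof(Chunk) * num)` with no check of the result; the `ceph_assert(base);` above it guards a different pointer. A failed allocation therefore becomes a null-pointer write of `sizeof(Chunk) * num` bytes. Add `ceph_assert(chunk_base);` before the memset, or return an error if the callers of fill() handle one. The function starts and ends outside the hunk.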
@@ -979,6 +981,7 @@ Infiniband::~Infiniband() ibv_srq* Infiniband::create_shared_receive_queue(uint32_t max_wr, uint32_t max_sge) { ibv_srq_init_attr sia; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&sia, 0, sizeof(sia)); sia.srq_context = device->ctxt; sia.attr.max_wr = max_wr; diff --git a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc index bf9d072ef9a55..37a4eef4c03af 100644 --- a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc +++ b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc @@ -542,6 +542,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector &tx_buffers) ibv_send_wr* pre_wr = NULL; uint32_t num = 0; + // FIPS zeroization audit 20191115: these memsets are not security related. memset(iswr, 0, sizeof(iswr)); memset(isge, 0, sizeof(isge)); @@ -588,6 +589,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector &tx_buffers) void RDMAConnectedSocketImpl::fin() { ibv_send_wr wr; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&wr, 0, sizeof(wr)); wr.wr_id = reinterpret_cast(qp); diff --git a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc index ca39b09f26d4c..432c2d2bc0ca5 100644 --- a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc +++ b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc @@ -99,6 +99,7 @@ void RDMAIWARPConnectedSocketImpl::handle_cm_connection() { local_qpn = qp->get_local_qp_number(); my_msg.qpn = local_qpn; + // FIPS zeroization audit 20191115: this memset is not security related. memset(&cm_params, 0, sizeof(cm_params)); cm_params.retry_count = RETRY_COUNT; cm_params.qp_num = local_qpn; diff --git a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc index 7ffb8fbe56a51..210eaf003388b 100644 --- a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc +++ b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc 
@@ -78,6 +78,7 @@ int RDMAIWARPServerSocketImpl::accept(ConnectedSocket *sock, const SocketOptions RDMAIWARPConnectedSocketImpl* server = new RDMAIWARPConnectedSocketImpl(cct, infiniband, dispatcher, dynamic_cast(w), &info); + // FIPS zeroization audit 20191115: this memset is not security related. memset(&local_conn_param, 0, sizeof(local_conn_param)); local_conn_param.qp_num = server->get_local_qpn(); -- 2.39.5