> We have a test "dmsecuretest.sh" that loads cryptographic keys into the > kernel, dumps a core, the core file is analyzed and if it contains the > key, the test fails. > > This test fails on AMD Zen 4 - the reason for the failure is that the > "memcpy" function uses ZMM registers for data copying. When memcpy exits, > the encryption key is present in the ZMM registers and the key remains > there even after both source and destination buffers of memcpy were > cleared. > > When we perform dynamic symbol lookup, the ZMM registers are spilled on > the stack and they remain there forever - this is the reason why the core > file contains the encryption key and the test fails. So let me ask a few obvious questions, as someone with not (yet) deep insights into the problem. * Shouldn't this be treated as a security issue? * Are the expectations on where the (key) data may end up defined somewhere? * If yes, which component behaves faulty? * If no, who needs to be involved in making the specs? -- Andreas K. Hüttel dilfridge@xxxxxxxxxx Gentoo Linux developer (council, comrel, toolchain, base-system, perl, libreoffice) https://wiki.gentoo.org/wiki/User:Dilfridge
Attachment:
signature.asc
Description: This is a digitally signed message part.
