authorRadoslaw Zarzynski <rzarzyns@redhat.com>2019-11-15 23:53:31 +0100
committerRadoslaw Zarzynski <rzarzyns@redhat.com>2019-11-17 11:55:23 +0100
commit38084250115fc15df221c94535b0223a8cab0634 (patch)
tree04f970646a0f634b80ba0dc080ebd5cd998c507b
parentcommon: switch to ceph::crypto::zeroize_for_security(). (diff)
msg/async: audit memset & bzero users for FIPS.
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
-rw-r--r--src/msg/async/Event.h1
-rw-r--r--src/msg/async/PosixStack.cc1
-rw-r--r--src/msg/async/ProtocolV1.cc5
-rw-r--r--src/msg/async/frames_v2.h4
-rw-r--r--src/msg/async/rdma/Infiniband.cc8
-rw-r--r--src/msg/async/rdma/RDMAConnectedSocketImpl.cc2
-rw-r--r--src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc1
-rw-r--r--src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc1
8 files changed, 23 insertions, 0 deletions
diff --git a/src/msg/async/Event.h b/src/msg/async/Event.h
index 66958803038..d7dba443956 100644
--- a/src/msg/async/Event.h
+++ b/src/msg/async/Event.h
@@ -95,6 +95,7 @@ class EventCenter {
struct AssociatedCenters {
EventCenter *centers[MAX_EVENTCENTER];
AssociatedCenters() {
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(centers, 0, MAX_EVENTCENTER * sizeof(EventCenter*));
}
};
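Review bot: The audit comment in AssociatedCenters() records a verdict without the reason, so a later auditor has to redo the analysis; the same bare wording is repeated in every hunk of this commit. State the reason in the comment itself, e.g. `// FIPS zeroization audit 20191115: not security related -- initializes an array of EventCenter pointers before first use.` The distinction that matters for the audit is initialization before use versus scrubbing after use: only the latter calls for `ceph::crypto::zeroize_for_security()`, the helper the parent commit switches to. The enclosing class EventCenter starts and ends outside the hunk.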
diff --git a/src/msg/async/PosixStack.cc b/src/msg/async/PosixStack.cc
index eb7b343a367..92ec14e563e 100644
--- a/src/msg/async/PosixStack.cc
+++ b/src/msg/async/PosixStack.cc
@@ -119,6 +119,7 @@ class PosixConnectedSocketImpl final : public ConnectedSocketImpl {
struct iovec msgvec[IOV_MAX];
uint64_t size = std::min<uint64_t>(left_pbrs, IOV_MAX);
left_pbrs -= size;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&msg, 0, sizeof(msg));
msg.msg_iovlen = size;
msg.msg_iov = msgvec;
diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc
index 5fd2eb84294..a7d858a34b0 100644
--- a/src/msg/async/ProtocolV1.cc
+++ b/src/msg/async/ProtocolV1.cc
@@ -90,6 +90,7 @@ void ProtocolV1::connect() {
// reset connect state variables
authorizer_buf.clear();
+ // FIPS zeroization audit 20191115: these memsets are not security related.
memset(&connect_msg, 0, sizeof(connect_msg));
memset(&connect_reply, 0, sizeof(connect_reply));
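Review bot: `authorizer_buf.clear()` two lines above the new comment in connect() is invisible to a memset/bzero audit, yet judging by its name the buffer may hold authentication material. If it does, clearing the container is presumably not the same as overwriting its memory, so it deserves its own audit entry. A marker such as `// FIPS zeroization audit: TODO confirm whether authorizer_buf needs scrubbing before clear().` would keep it from being missed. connect() continues outside the hunk.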
@@ -1539,6 +1540,7 @@ CtPtr ProtocolV1::handle_connect_message_write(int r) {
CtPtr ProtocolV1::wait_connect_reply() {
ldout(cct, 20) << __func__ << dendl;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&connect_reply, 0, sizeof(connect_reply));
return READ(sizeof(connect_reply), handle_connect_reply_1);
}
@@ -1889,6 +1891,7 @@ CtPtr ProtocolV1::handle_client_banner(char *buffer, int r) {
CtPtr ProtocolV1::wait_connect_message() {
ldout(cct, 20) << __func__ << dendl;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&connect_msg, 0, sizeof(connect_msg));
return READ(sizeof(connect_msg), handle_connect_message_1);
}
@@ -1953,6 +1956,7 @@ CtPtr ProtocolV1::handle_connect_message_2() {
ceph_msg_connect_reply reply;
bufferlist authorizer_reply;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&reply, 0, sizeof(reply));
reply.protocol_version =
messenger->get_proto_version(connection->peer_type, false);
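Review bot: In handle_connect_message_2() the wording "not security related" undersells this memset: `reply` is a stack struct that is presumably sent to the peer (the send is outside the hunk), so zeroing it is what keeps uninitialized stack bytes and padding out of the wire data. It is not key zeroization, but a reader could take the comment as licence to drop the call. Suggested wording: `// FIPS zeroization audit 20191115: not key zeroization; zero-fills reply so no uninitialized bytes are sent.` The secure-mode epilogue hunk in frames_v2.h, where the struct's raw bytes are appended to a bufferlist, has the same issue, and the plain-mode epilogue and main_preamble hunks likely do too.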
@@ -2556,6 +2560,7 @@ CtPtr ProtocolV1::server_ready() {
<< dendl;
ldout(cct, 20) << __func__ << " accept done" << dendl;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&connect_msg, 0, sizeof(connect_msg));
if (connection->delay_state) {
diff --git a/src/msg/async/frames_v2.h b/src/msg/async/frames_v2.h
index 3f8708f237a..ddc42a489cf 100644
--- a/src/msg/async/frames_v2.h
+++ b/src/msg/async/frames_v2.h
@@ -194,6 +194,7 @@ private:
ceph_assert(std::size(segments) <= MAX_NUM_SEGMENTS);
preamble_block_t main_preamble;
+ // FIPS zeroization audit 20191115: this memset is not security related.
::memset(&main_preamble, 0, sizeof(main_preamble));
main_preamble.tag = static_cast<__u8>(T::tag);
@@ -262,6 +263,8 @@ public:
// called auth tag) will be added by the cipher.
{
epilogue_secure_block_t epilogue;
+ // FIPS zeroization audit 20191115: this memset is not security
+ // related.
::memset(&epilogue, 0, sizeof(epilogue));
ceph::bufferlist epilogue_bl;
epilogue_bl.append(reinterpret_cast<const char*>(&epilogue),
@@ -272,6 +275,7 @@ public:
} else {
// plain mode
epilogue_plain_block_t epilogue;
+ // FIPS zeroization audit 20191115: this memset is not security related.
::memset(&epilogue, 0, sizeof(epilogue));
ceph::bufferlist::const_iterator hdriter(&segments.front(),
diff --git a/src/msg/async/rdma/Infiniband.cc b/src/msg/async/rdma/Infiniband.cc
index cdc438c61c2..1c113381e2b 100644
--- a/src/msg/async/rdma/Infiniband.cc
+++ b/src/msg/async/rdma/Infiniband.cc
@@ -186,6 +186,7 @@ Infiniband::QueuePair::QueuePair(
int Infiniband::QueuePair::modify_qp_to_error(void)
{
ibv_qp_attr qpa;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&qpa, 0, sizeof(qpa));
qpa.qp_state = IBV_QPS_ERR;
if (ibv_modify_qp(qp, &qpa, IBV_QP_STATE)) {
@@ -200,6 +201,7 @@ int Infiniband::QueuePair::modify_qp_to_rts(void)
{
// move from RTR state RTS
ibv_qp_attr qpa;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&qpa, 0, sizeof(qpa));
qpa.qp_state = IBV_QPS_RTS;
/*
@@ -234,6 +236,7 @@ int Infiniband::QueuePair::modify_qp_to_rtr(void)
{
// move from INIT to RTR state
ibv_qp_attr qpa;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&qpa, 0, sizeof(qpa));
qpa.qp_state = IBV_QPS_RTR;
qpa.path_mtu = IBV_MTU_1024;
@@ -270,6 +273,7 @@ int Infiniband::QueuePair::modify_qp_to_init(void)
{
// move from RESET to INIT state
ibv_qp_attr qpa;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&qpa, 0, sizeof(qpa));
qpa.qp_state = IBV_QPS_INIT;
qpa.pkey_index = 0;
@@ -306,6 +310,7 @@ int Infiniband::QueuePair::init()
{
ldout(cct, 20) << __func__ << " started." << dendl;
ibv_qp_init_attr qpia;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&qpia, 0, sizeof(qpia));
qpia.send_cq = txcq->get_cq();
qpia.recv_cq = rxcq->get_cq();
@@ -478,6 +483,7 @@ int Infiniband::QueuePair::to_dead()
<< " bound remote QueuePair, qp number: " << local_cm_meta.peer_qpn << dendl;
struct ibv_send_wr *bad_wr = nullptr, beacon;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&beacon, 0, sizeof(beacon));
beacon.wr_id = BEACON_WRID;
beacon.opcode = IBV_WR_SEND;
@@ -769,6 +775,7 @@ int Infiniband::MemoryManager::Cluster::fill(uint32_t num)
end = base + bytes;
ceph_assert(base);
chunk_base = static_cast<Chunk*>(::malloc(sizeof(Chunk) * num));
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(static_cast<void*>(chunk_base), 0, sizeof(Chunk) * num);
free_chunks.reserve(num);
ibv_mr* m = ibv_reg_mr(manager.pd->pd, base, bytes, IBV_ACCESS_REMOTE_WRITE | IBV_ACCESS_LOCAL_WRITE);
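Review bot: The result of `::malloc` in Cluster::fill() goes straight into `memset` without a null check, although `base` is asserted one line earlier; on allocation failure this writes through a null pointer. Add `ceph_assert(chunk_base);` between the malloc and the memset. The function starts and ends outside the hunk.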
@@ -1128,6 +1135,7 @@ Infiniband::~Infiniband()
ibv_srq* Infiniband::create_shared_receive_queue(uint32_t max_wr, uint32_t max_sge)
{
ibv_srq_init_attr sia;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&sia, 0, sizeof(sia));
sia.srq_context = device->ctxt;
sia.attr.max_wr = max_wr;
diff --git a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
index 0a2c7a2c7a4..c64da95b731 100644
--- a/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAConnectedSocketImpl.cc
@@ -456,6 +456,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector<Chunk*> &tx_buffers)
ibv_send_wr* pre_wr = NULL;
uint32_t num = 0;
+ // FIPS zeroization audit 20191115: these memsets are not security related.
memset(iswr, 0, sizeof(iswr));
memset(isge, 0, sizeof(isge));
@@ -497,6 +498,7 @@ int RDMAConnectedSocketImpl::post_work_request(std::vector<Chunk*> &tx_buffers)
void RDMAConnectedSocketImpl::fin() {
ibv_send_wr wr;
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&wr, 0, sizeof(wr));
wr.wr_id = reinterpret_cast<uint64_t>(qp);
diff --git a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
index 354d95eb136..d55ced3c53f 100644
--- a/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAIWARPConnectedSocketImpl.cc
@@ -98,6 +98,7 @@ void RDMAIWARPConnectedSocketImpl::handle_cm_connection() {
break;
}
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&cm_params, 0, sizeof(cm_params));
cm_params.retry_count = RETRY_COUNT;
cm_params.qp_num = local_qpn;
diff --git a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
index 35ab239c861..e4a170ee8be 100644
--- a/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
+++ b/src/msg/async/rdma/RDMAIWARPServerSocketImpl.cc
@@ -90,6 +90,7 @@ int RDMAIWARPServerSocketImpl::accept(ConnectedSocket *sock, const SocketOptions
RDMAIWARPConnectedSocketImpl* server =
new RDMAIWARPConnectedSocketImpl(cct, ib, dispatcher, dynamic_cast<RDMAWorker*>(w), &info);
+ // FIPS zeroization audit 20191115: this memset is not security related.
memset(&local_conn_param, 0, sizeof(local_conn_param));
local_conn_param.qp_num = server->get_local_qpn();