Re: [Qemu-devel] [PATCH v2 01/13] introduce g_autowipe
From: Maxim Levitsky
Subject: Re: [Qemu-devel] [PATCH v2 01/13] introduce g_autowipe
Date: Tue, 27 Aug 2019 14:24:30 +0300
On Tue, 2019-08-27 at 11:52 +0100, Daniel P. Berrangé wrote:
> On Mon, Aug 26, 2019 at 04:50:51PM +0300, Maxim Levitsky wrote:
> > Marking a pointer with g_autowipe will
> > not only free it at the scope exit, but also
> > erase the data it points to just prior to freeing it.
> >
> > This is the first attempt to implement this feature,
> > as suggested by Daniel and Nir.
> >
> > The things that need to be verified prior to merging this are
> >
> > 1. Can we just always use memset_s (defined in C++)
> > or some alternative.
> >
> > 2. Is it portable enough for us to use malloc_usable_size
> > to get the size of malloced pointer in the autofree callback?
> > This function is available in glibc (but no wrapper in glib).
>
> Urgh, no, we can't rely on that.
>
> I completely forgot that we would need to know the size during
> the deallocate function. The portable way to deal with this
> will be to change all our code that handles passwords to use
> GString instead, since that is a struct carrying around the
> allocated size.
>
> As mentioned in v1, I'm fine if you just let this series use
> memset as this is a pre-existing problem & we can fix it
> in a separate series.
All right, I *was* afraid of that, but I guess it was worth a try anyway.

So I think I'll keep the patch that adds a few missing memsets,
just for consistency/documentation purposes, since anyway
in addition to these there are a lot of other places where keys are kept,
like the ciphers themselves, secrets (which aren't even freed usually
as long as the VM is running).

The purpose was just that memsetting caught my eye and
I wanted to make it at least consistent.
Thanks for the review,
Best regards,
Maxim Levitsky
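The scope-exit wipe discussed in this thread, written as an added stand-alone C example (this is not QEMU's g_autowipe patch or its code): the secret carries its own length, which is the role a GString would play in Daniel's suggestion, and the wipe calls memset through a volatile function pointer so the compiler cannot drop the store before free(). All names (SecretBuf, secure_wipe, SECRET_AUTOWIPE) are assumptions made here.

```c
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for memset_s: calling memset through a volatile function
 * pointer stops the compiler from dropping the "dead" store before free(). */
static void *(*const volatile secure_memset_fn)(void *, int, size_t) = memset;

static void secure_wipe(void *p, size_t n)
{
    if (p && n) secure_memset_fn(p, 0, n);
}

/* The secret carries its own length, so the cleanup callback knows how many
 * bytes to wipe without relying on the non-portable malloc_usable_size(). */
typedef struct { char *data; size_t len; } SecretBuf;   /* len excludes NUL */

static SecretBuf secret_buf_new(const char *src, size_t len)
{
    SecretBuf s = { malloc(len + 1), len };
    if (s.data) { memcpy(s.data, src, len); s.data[len] = '\0'; }
    return s;
}

/* Cleanup callback: wipe, then free, then leave the struct empty. */
static void secret_buf_cleanup(SecretBuf *s)
{
    if (s->data) secure_wipe(s->data, s->len + 1);
    free(s->data);
    s->data = NULL;
    s->len = 0;
}

/* Scope-exit wiping via the GCC/Clang cleanup attribute that g_autofree uses. */
#define SECRET_AUTOWIPE __attribute__((cleanup(secret_buf_cleanup)))

/* Returns 1 if secure_wipe() zeroed every byte of a buffer holding a secret. */
static int wipe_zeroes_buffer(void)
{
    char buf[16];
    memcpy(buf, "hunter2-passwd!", 16);   /* constructed sample secret */
    secure_wipe(buf, sizeof(buf));
    for (size_t i = 0; i < sizeof(buf); i++) if (buf[i] != 0) return 0;
    return 1;
}

/* The secret is usable inside the scope and wiped + freed when it returns. */
static size_t use_scoped_secret(void)
{
    SECRET_AUTOWIPE SecretBuf pw = secret_buf_new("correct horse", 13);
    return pw.data ? strlen(pw.data) : 0;
}
```

Because the wipe runs through secure_memset_fn, building with -O2 keeps the zeroing; a plain memset() directly before free() may be optimised away, which is the memset_s question raised in the patch description.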