eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Lock memory in crypt_safe alloc functions.

Browse Source 
This patch locks all memory ranges in safe allocations.

While crypto backend can have some secure memory calls,
it is usually limited by intitial config.

For our use is enough to keep keys in memory and prevent
swapping it out.

If the lock fails (because of limits) we quietly
stay with plain malloc.
This commit is contained in:
Milan Broz
2022-08-16 15:16:49 +02:00
parent 132027bafa
commit db65a5ceac
2 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/utils.c
View File

@@ -179,7 +179,7 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
key_size = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
unlimited_read = 1;
/* use 4k for buffer (page divisor but avoid huge pages) */
buflen = 4096 - sizeof(size_t); // sizeof(struct safe_allocation);
buflen = 4096 - 16; /* sizeof(struct safe_allocation); */
} else
buflen = key_size;