Re: geli(8) breaks after a couple hours of uptime

From: Andriy Gapon <avg_at_FreeBSD.org>
Date: Sat, 09 Feb 2013 18:00:53 +0200
on 09/02/2013 17:04 Andrey Zonov said the following:
> On 2/9/13 5:07 PM, Fabian Keil wrote:
>>
>> This would at least prevent the segfault.
>>
> 
> I see two possibilities to get segfault:
>   - no checking for result from memory allocation functions
>   - too big stack
> 
> I have no found any broken memory allocation checking, but I found two
> big objects on the stack.  One is buf[MAXPHYS] in eli_genkey_files() and
> another is passbuf[MAXPHYS] in eli_genkey_passphrase().  If we change
> these two to malloc(), then we can handle error from malloc(), print
> some useful message and prevent segfault.

I'd rather do what Kostik suggested and Fabian mentioned: instead of
mlockall(MCL_FUTURE) the code should mlock only the (explicitly designated)
buffers that can contain sensitive data.

-- 
Andriy Gapon
Received on Sat Feb 09 2013 - 15:00:57 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:34 UTC