Re: [tor-bugs] #7419 [Tor]: Choose a faster memwipe implementation



#7419: Choose a faster memwipe implementation
-----------------------------+------------------------------------
     Reporter:  nickm        |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-relay, nickm-patch
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+------------------------------------

Comment (by teor):

 Apologies, I wasn't clear - I was commenting on the solution proposed in
 the article, not your patch.

 However, this quote worries me:
 "volatile seems like the sort of thing broken implementations may get
 wrong"

 But, ultimately, there is only so much we can do to work around broken
 compilers.


 "The check-after-memset thing you propose might work too .. but I think
 that a compiler is also technically allowed to optimize that whole thing
 out, along with the memset, if it can prove that nothing else will look at
 the buffer afterwards."

 The assert() guarantees that there will be output if the buffer isn't
 cleared.

 However, do you think a compiler could prove to itself that:
 1. if it executed the code, there would never be any output from the
 assert()
 2. therefore, it doesn't need to execute the code or the assert?

 I guess it could. Screwy logic though.

 I think asserting on the value of a volatile pointer fixes this.

 How do you feel about:

 {{{
 #include <assert.h>
 #include <stddef.h>

 #if PARANOIA
 /* Read back through a volatile pointer so the compiler cannot assume the
  * loads are redundant and drop the check (and with it the wipe). The byte
  * type matches memwipe()'s parameter so 0x80..0xFF compare correctly. */
 static void
 memwipe_checker(volatile unsigned char *p, unsigned char c, size_t sz)
 {
   /* check we filled the block with the right values */
   while (sz--)
     assert(*p++ == c);
 }
 #endif

 void
 memwipe(void *mem, unsigned char byte, size_t sz)
 {
   /* ... memory wiping code ... */
 #if PARANOIA
   /* if we're paranoid, check we actually wiped the memory */
   memwipe_checker(mem, byte, sz);
 #endif
 }
 }}}

 We could also make this level of PARANOIA mandatory, at some cost to
 performance.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7419#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
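The idea discussed in the comment above, as an added stand-alone example (not teor's patch and not Tor's memwipe()): the wipe is performed through a volatile pointer so the stores cannot be treated as dead, and the verification reads back through a volatile pointer and returns a count rather than asserting, so it can be tested directly. The buffer contents and function names are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Wipe through a volatile pointer: each store is an observable side effect
 * in the C abstract machine, so dead-store elimination cannot remove it. */
static void
memwipe_volatile(void *mem, unsigned char byte, size_t sz)
{
  volatile unsigned char *p = mem;
  while (sz--)
    *p++ = byte;
}

/* Re-read through a volatile pointer so the compiler cannot reason "the
 * wipe just wrote these bytes, the check is redundant" and delete both.
 * Returns the number of bytes that still differ from `byte` (0 == wiped). */
static size_t
memwipe_check(const void *mem, unsigned char byte, size_t sz)
{
  const volatile unsigned char *p = mem;
  size_t bad = 0;
  while (sz--)
    if (*p++ != byte)
      bad++;
  return bad;
}

/* Constructed demo: a stack buffer holding placeholder "secret" material is
 * wiped before it goes out of scope, then verified. Returns 0 on success. */
static size_t
wipe_secret_demo(void)
{
  char secret[32];
  memset(secret, 0, sizeof(secret));
  memcpy(secret, "constructed secret material", 27);
  memwipe_volatile(secret, 0x00, sizeof(secret));
  return memwipe_check(secret, 0x00, sizeof(secret));
}

int
main(void)
{
  return wipe_secret_demo() == 0 ? 0 : 1;
}
```

Whether a given compiler honours the volatile stores is still something to confirm by inspecting the generated object code at the optimisation level actually used for release builds.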