Re: [Qemu-devel] [PATCH for-2.9 v2] virtio-crypto: zeroize the key mater


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH for-2.9 v2] virtio-crypto: zeroize the key material before free
Date: Wed, 7 Dec 2016 09:21:31 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 12/06/2016 08:29 PM, Gonglei wrote:
> Common practice with sensitive information (key material, passwords,
> etc). Prevents sensitive information from being exposed by accident later in
> coredumps, memory disclosure bugs when heap memory is reused, etc.
> 
> Sensitive information is sometimes also held in mlocked pages to prevent
> it being swapped to disk but that's not being done here.

I also think that pointing to earlier commit ids with similar behavior
is a good idea; in other words, call out commit 8813800b.  So maybe
rework this second paragraph to:

Sensitive information is sometimes also held in mlocked pages to prevent
it being swapped to disk, but qemu in general is not currently taking
that level of precaution (see also commit 8813800b).

> 
> Let's zeroize the memory of CryptoDevBackendSymOpInfo structure pointed
> for key material security.
> 
> [v2: Stefan perfects the commit message, thanks]

The v2 blurb should appear after the --- line, as it is nice for
reviewers but a year from now when reading 'git log' we won't care how
many versions were on the list, only about the one version in git.

> Signed-off-by: Gonglei <address@hidden>
> Reviewed-by: Stefan Hajnoczi <address@hidden>
> ---
>  hw/virtio/virtio-crypto.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 

The commit message may still need improvement, but the maintainer might
be willing to do that without needing a v3.  At any rate,
Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
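
Added example, not part of the original message or of the QEMU patch under review: a C sketch of the two precautions the commit message describes, zeroizing key material before free and holding it in mlocked pages. The `KeyBuf` type and the `keybuf_init`, `keybuf_destroy` and `secure_zero` names are hypothetical, and POSIX `mlock()` is assumed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical key holder for this example (not a QEMU structure). */
typedef struct {
    unsigned char *key;
    size_t len;
    int locked; /* 1 if mlock() succeeded */
} KeyBuf;

/* Store through a volatile pointer so the compiler cannot discard the
 * writes as dead stores just ahead of free(). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) {
        *v++ = 0;
    }
}

/* Copy key material into a fresh buffer and try to pin it in RAM.
 * mlock() can fail under RLIMIT_MEMLOCK; that is recorded, not fatal. */
int keybuf_init(KeyBuf *kb, const unsigned char *src, size_t len)
{
    kb->key = malloc(len);
    if (!kb->key) {
        return -1;
    }
    kb->len = len;
    kb->locked = (mlock(kb->key, len) == 0);
    memcpy(kb->key, src, len);
    return 0;
}

/* Zeroize, unlock, free. Returns the number of nonzero bytes left in the
 * buffer after the wipe (0 expected), checked before the memory is freed. */
size_t keybuf_destroy(KeyBuf *kb)
{
    size_t i, dirty = 0;
    if (!kb->key) return 0;
    secure_zero(kb->key, kb->len);
    for (i = 0; i < kb->len; i++) dirty += (kb->key[i] != 0);
    if (kb->locked) munlock(kb->key, kb->len);
    free(kb->key);
    kb->key = NULL; kb->len = 0; kb->locked = 0;
    return dirty;
}
```

`mlock()` and `munlock()` act on whole pages, so unlocking a small heap allocation also unlocks anything else sharing its page; a page-aligned allocation avoids that.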
