[tor-bugs] #7419 [Tor]: Choose a faster memwipe implementation

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 18 05:24:49 UTC 2014


#7419: Choose a faster memwipe implementation
-----------------------------+------------------------------------
     Reporter:  nickm        |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-relay, nickm-patch
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+------------------------------------

Comment (by teor):

 Apologies, I wasn't clear - I was commenting on the solution proposed in
 the article, not your patch.

 However, this quote worries me:
 "volatile seems like the sort of thing broken implementations may get
 wrong"

 But, ultimately, there is only so much we can do to work around broken
 compilers.


 "The check-after-memset thing you propose might work too .. but I think
 that a compiler is also technically allowed to optimize that whole thing
 out, along with the memset, if it can prove that nothing else will look at
 the buffer afterwards."

 The assert() guarantees that there will be output if the buffer isn't
 cleared.

 However, do you think a compiler could prove to itself that:
 1. if it executed the code, there would never be any output from the
 assert()
 2. therefore, it doesn't need to execute the code or the assert?

 I guess it could. Screwy logic though.

 I think asserting on the value of a volatile pointer fixes this.

 How do you feel about:

 {{{
 #include <assert.h>
 #include <stddef.h>

 #if PARANOIA
 /* Read the buffer back through a volatile pointer, so the compiler cannot
  * assume nothing observes the wiped memory and drop the wipe and the
  * check together. */
 static void
 memwipe_checker(volatile unsigned char *p, unsigned char c, size_t sz)
 {
   /* check we filled the block with the right values */
   while (sz--)
     assert(*p++ == c);
 }
 #endif

 void
 memwipe(void *mem, unsigned char byte, size_t sz)
 {
   /* ... memory wiping code ... */
 #if PARANOIA
   /* if we're paranoid, check we actually wiped the memory */
   memwipe_checker(mem, byte, sz);
 #endif
 }
 }}}

 We could also make this level of PARANOIA mandatory, at some cost to
 performance.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7419#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
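The volatile-pointer check described in the comment above, as an added example that is neither Tor's memwipe() nor teor's patch. The wipe itself here writes through a volatile pointer; that is one volatile-based approach and an assumption of this example, not the wiping code the ticket discusses. The checker reads back through a volatile pointer, as proposed, but returns a status instead of calling assert() so that both the success case and the detected-failure case can be exercised. The function names (memwipe_volatile, memwipe_verify, memwipe_checked, demo_wipe, demo_detects_partial_wipe), the PARANOIA default, and the buffer contents are all hypothetical and constructed for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Added example, not Tor's memwipe(): fill through a volatile pointer so
 * each store is a side effect the compiler must emit (assumed approach). */
void memwipe_volatile(void *mem, unsigned char byte, size_t sz)
{
    volatile unsigned char *p = (volatile unsigned char *)mem;
    while (sz--)
        *p++ = byte;
}

/* The comment's checker, reading back through a volatile pointer.
 * Returns 1 if every byte equals `byte`, 0 at the first mismatch. */
int memwipe_verify(const void *mem, unsigned char byte, size_t sz)
{
    const volatile unsigned char *p = (const volatile unsigned char *)mem;
    while (sz--) {
        if (*p++ != byte)
            return 0;
    }
    return 1;
}

/* PARANOIA build (hypothetical default): wipe, then abort if the wipe
 * is not observable afterwards. */
#ifndef PARANOIA
#define PARANOIA 1
#endif

void memwipe_checked(void *mem, unsigned char byte, size_t sz)
{
    memwipe_volatile(mem, byte, sz);
#if PARANOIA
    assert(memwipe_verify(mem, byte, sz));
#endif
}

/* Constructed scenario 1: a 32-byte "key" filled with 0xA5 is wiped to 0.
 * Returns 1 when the verifier agrees the buffer is now all zero. */
int demo_wipe(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);            /* constructed secret */
    memwipe_checked(key, 0x00, sizeof key);
    return memwipe_verify(key, 0x00, sizeof key);
}

/* Constructed scenario 2: the failure mode the checker exists for. The
 * buffer is only half overwritten, so the verifier must report a mismatch.
 * Returns 1 when memwipe_verify correctly reports 0 for the partial wipe
 * and 1 once the remaining bytes have been wiped as well. */
int demo_detects_partial_wipe(void)
{
    unsigned char buf[16];
    memset(buf, 0xFF, sizeof buf);
    memwipe_volatile(buf, 0x00, sizeof buf / 2);      /* first half only */
    if (memwipe_verify(buf, 0x00, sizeof buf) != 0)
        return 0;                                     /* missed leftover 0xFF */
    memwipe_volatile(buf + sizeof buf / 2, 0x00, sizeof buf / 2);
    return memwipe_verify(buf, 0x00, sizeof buf);
}
```

Returning a status from the verifier keeps the policy (abort, log, or ignore) at the caller, which is what the PARANOIA toggle in the comment selects. Note that an assert() inside memwipe_checked disappears under NDEBUG, exactly as in the snippet from the comment, so a build that wants the check unconditionally has to use something other than assert().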