• Milan Broz's avatar
    dm ioctl: add flag to wipe buffers for secure data · f8681205
    Milan Broz authored
    Add DM_SECURE_DATA_FLAG which userspace can use to ensure
    that all buffers allocated for dm-ioctl are wiped
    immediately after use.
    
    The user buffer is wiped as well (we do not want to keep
    and return sensitive data back to userspace if the flag is set).
    
    Wiping is useful for cryptsetup to ensure that the key
    is present in memory only in defined places and only
    for the time needed.
    
    (For crypt, key can be present in table during load or table
    status, wait and message commands).
    Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
    Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
    f8681205
dm-ioctl.c 36.3 KB