Follow-up to Crashes with gpg-agent 2.1.18

Daniel Kahn Gillmor dkg at
Sat Jun 3 00:36:53 CEST 2017

On Fri 2017-06-02 08:31:31 +0900, NIIBE Yutaka wrote:

>> At the time of the error there is at least 10GB of free RAM available.
> The limitation comes from the fact we only have 32KB or 64KB for secure
> memory. The region is mlock(2)-ed to avoid data transfer to swap
> storage.  ... even if we have multiple gigabytes of memory.

is this a reasonable conclusion today?  shouldn't swap be encrypted on
machines where it's a risk?  not to be leakage-nihilist or anything, but
hibernation itself can't be prevented at the application level, right?
So are these "out of core" crashes just gratuitous outages?

> Perhaps, it would be good for libgcrypt to have an API for an
> application (in this case gpg-agent) showing how much secure memory is
> used (and how much left), so that an application can throttle accepting
> requests.
> Or, easier, we can introduce a limitation to gpg-agent, say, only
> accept some fixed number of multiple connections simultaneously.

what would gpg-agent do when the limit is reached?  it would be better
if a thread could perform a blocking call when asking for more core, so
that the thread requesting the limited resource was the thing blocked,
and other threads could go about their business.
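
The two designs discussed above, a hard cap on simultaneous connections versus blocking the requesting thread until secure memory is free again, can be modelled side by side. The following is an added example written for this page, not code from libgcrypt or gpg-agent: a small fixed-capacity arena standing in for the mlock(2)-ed region, with an allocation that either fails immediately ("out of core") or waits on a condition variable until earlier requests release their buffers. The 32KB capacity, the 4096-byte per-connection figure, the class and function names, and the simulated "connections" are all assumptions chosen for the illustration.

```python
"""Model of a fixed-size secure-memory arena and two ways of handling
exhaustion.  Added example; sizes and names are assumptions, not the
real libgcrypt or gpg-agent API."""
import threading
import time


class SecureMemoryExhausted(RuntimeError):
    """Raised when a non-blocking request cannot be satisfied from the arena."""


class SecureMemoryPool:
    """Fixed-capacity arena standing in for a small mlock(2)-ed region.

    Real secure memory is pinned so it is never written to swap; the only
    property modelled here is that its capacity is small and fixed."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.in_use = 0
        self.peak = 0
        self.waits = 0                      # times a caller had to block
        self._cv = threading.Condition()

    def alloc(self, nbytes, block=True):
        if nbytes > self.capacity:
            raise ValueError("request larger than the whole arena")
        with self._cv:
            if block:
                # Only the requesting thread waits; others keep being served.
                while self.in_use + nbytes > self.capacity:
                    self.waits += 1
                    self._cv.wait()
            elif self.in_use + nbytes > self.capacity:
                # The hard "out of core" failure the thread is about.
                raise SecureMemoryExhausted(
                    f"{nbytes} B requested, {self.capacity - self.in_use} B free")
            self.in_use += nbytes
            self.peak = max(self.peak, self.in_use)
            return bytearray(nbytes)

    def free(self, buf):
        with self._cv:
            for i in range(len(buf)):       # wipe before returning the space
                buf[i] = 0
            self.in_use -= len(buf)
            self._cv.notify_all()           # wake any blocked requesters


def simulate(connections, per_conn, capacity, block, hold=0.05):
    """Run `connections` concurrent clients (constructed workload) that each
    need `per_conn` bytes of secure memory for `hold` seconds.  Returns a
    summary of how many were served, refused, the peak usage and any leak."""
    pool = SecureMemoryPool(capacity)
    start = threading.Barrier(connections)  # all clients arrive at once
    counts = {"served": 0, "refused": 0}
    lock = threading.Lock()

    def client():
        start.wait()
        try:
            buf = pool.alloc(per_conn, block=block)
        except SecureMemoryExhausted:
            with lock:
                counts["refused"] += 1
            return
        try:
            time.sleep(hold)                # stand-in for the private-key operation
        finally:
            pool.free(buf)
        with lock:
            counts["served"] += 1

    threads = [threading.Thread(target=client) for _ in range(connections)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {**counts, "peak": pool.peak, "waits": pool.waits, "leaked": pool.in_use}


if __name__ == "__main__":
    # 12 simultaneous clients, 4096 B each, against a 32 KiB arena (assumed sizes).
    print("fail-fast:", simulate(12, 4096, 32768, block=False))
    print("blocking: ", simulate(12, 4096, 32768, block=True))
```

With the assumed sizes only eight requests fit at once, so the fail-fast variant refuses the rest outright, while the blocking variant serves all twelve because each waiting thread is parked on the condition variable and resumes as soon as an earlier buffer is freed; the peak usage never exceeds the arena size in either case.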
