Follow-up to Crashes with gpg-agent 2.1.18

NIIBE Yutaka gniibe at fsij.org
Mon Jun 5 02:33:10 CEST 2017


Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Fri 2017-06-02 08:31:31 +0900, NIIBE Yutaka wrote:
>
>>> At the time of the error there is at least 10GB of free RAM available.
>>
>> The limitation comes from the fact we only have 32KB or 64KB for secure
>> memory; the region is mlock(2)-ed to avoid data transfer to swap
>> storage.  ... even if we have multiple gigabytes of memory.
>
> is this a reasonable conclusion today?  shouldn't swap be encrypted on
> machines where it's a risk?  not to be leakage-nihilist or anything, but
> hibernation itself can't be prevented at the application level, right?
> So are these "out of core" crashes just gratuitous outages?

I described the current implementation and why it occurs.

> what would gpg-agent do when the limit is reached?  it would be better
> if a thread could perform a blocking call when asking for more core, so
> that the thread requesting the limited resource was the thing blocked,
> and other threads could go about their business.

I think that simpler is better here, to avoid deadlocks: I get half,
you get half; when both need more, both wait forever.

In my opinion, the current implementation of crypto with MPI could be
improved.  Currently, it allocates memory during its computation.  It
would be good if it could allocate all memory needed for the computation
for a particular crypto method in advance, atomically (or block).
-- 