Review: Add memzero on free, assert unprotected_size + fd <= PAGE_SIZE

quininer · Jun 4, 2024 · 30e7d82 · 30e7d82
1 parent 7e185b5
commit 30e7d82
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/memsec-test/tests/allocext_linux.rs b/memsec-test/tests/allocext_linux.rs
@@ -107,8 +107,6 @@ enum TestState {
     Free,
 }
 
-/// Attempts to
-#[cfg(unix)]
 fn attempt_write_in_region(
     offset: Offset,
     end_process_normally: bool,

diff --git a/src/alloc/allocext/linux.rs b/src/alloc/allocext/linux.rs
@@ -9,8 +9,6 @@ use self::memfd_secret_alloc::*;
 
 mod memfd_secret_alloc {
     use core::convert::TryInto;
-    use std::{io, println};
-
     use super::*;
 
     #[inline]
@@ -42,6 +40,9 @@ mod memfd_secret_alloc {
 unsafe fn _memfd_secret(size: usize) -> Option<*mut u8> {
     ALLOC_INIT.call_once(|| alloc_init());
 
+    //Assert size of unprotected_size (usize) and fd (i32) is less than PAGE_SIZE before allocating memory
+    assert!(size_of::<usize>() + size_of::<i32>() <= PAGE_SIZE);
+
     if size >= ::core::usize::MAX - PAGE_SIZE * 4 {
         return None;
     }
@@ -119,6 +120,8 @@ pub unsafe fn free_memfd_secret<T: ?Sized>(memptr: NonNull<T>) {
     let total_size = PAGE_SIZE + PAGE_SIZE + unprotected_size + PAGE_SIZE;
     _mprotect(base_ptr, total_size, Prot::ReadWrite);
 
+    crate::memzero(base_ptr, total_size);
+
     let res = libc::munmap(base_ptr as *mut c_void, total_size);
     if res < 0 {
         abort();