util: implement secure erase with explicit_bzero

This is available on at least FreeBSD and GLibc >= 2.25. Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-12-22 05:35:25 +00:00 · 2022-12-12 05:20:36 -05:00 · 2022-12-12 05:20:36 -05:00 · 77b9617cd7
commit 77b9617cd7
parent 03a25597f1
2 changed files with 7 additions and 0 deletions
--- a/meson.build
+++ b/meson.build
@ -537,6 +537,7 @@ libvirt_export_dynamic = cc.first_supported_link_argument([

 functions = [
  'elf_aux_info',
+  'explicit_bzero',
  'fallocate',
  'getauxval',
  'getegid',
--- a/src/util/virsecureerase.c
+++ b/src/util/virsecureerase.c
@ -19,6 +19,8 @@

 #include <config.h>

+#include <string.h>
+
 #include "virsecureerase.h"

 /**
@ -40,7 +42,11 @@ virSecureErase(void *ptr,
    if (!ptr || size == 0)
        return;

+#ifdef WITH_EXPLICIT_BZERO
+    explicit_bzero(ptr, size);
+#else
    memset(ptr, 0, size);
+#endif
 }

 /**