[libsecret/wip/dueno/madvice] egg: Request that secure memory not be dumped to disk



commit fb813abe5c130d03fa516cb82d43973f73cb5fa7
Author: Matthew Garrett <matthewgarrett google com>
Date:   Fri Apr 19 13:08:32 2019 -0700

    egg: Request that secure memory not be dumped to disk
    
    Linux 3.4 added support for the MADV_DONTDUMP option to madvise(), which
    requests that the covered memory not be included in coredumps. It makes
    sense to use this to prevent cases where application crashes could
    result in secrets being persisted to disk or included in dumps that are
    uploaded to remote servers for analysis. I've avoided making this fatal
    since there's a chance this code could be built on systems that have
    MADV_DONTDUMP but run on systems that don't.

 egg/egg-secure-memory.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
---
diff --git a/egg/egg-secure-memory.c b/egg/egg-secure-memory.c
index bc82184..ed6fbcc 100644
--- a/egg/egg-secure-memory.c
+++ b/egg/egg-secure-memory.c
@@ -885,6 +885,19 @@ sec_acquire_pages (size_t *sz,
 
        DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz);
 
+#if defined(MADV_DONTDUMP)
+       if (madvise (pages, *sz, MADV_DONTDUMP) < 0) {
+               if (show_warning && egg_secure_warnings) {
+                       /*
+                        * Not fatal - this was added in Linux 3.4 and older
+                        * kernels will legitimately fail this at runtime
+                        */
+                       fprintf (stderr, "couldn't MADV_DONTDUMP %lu bytes of memory (%s): %s\n",
+                                (unsigned long)*sz, during_tag, strerror (errno));
+               }
+       }
+#endif
+
        show_warning = 1;
        return pages;
 
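Review bot: the runtime fallback for pre-3.4 kernels is noisier than the comment implies. madvise() rejects an unknown advice value with EINVAL on every call, and because `show_warning = 1` is set immediately after this block, every secure allocation after the first will print "couldn't MADV_DONTDUMP ..." whenever `egg_secure_warnings` is enabled. Consider treating `errno == EINVAL` as the expected "kernel too old" case and either staying silent or latching a one-time warning behind a static flag, so the message is reserved for genuinely unexpected failures. It would also help to note in the comment that MADV_DONTDUMP only keeps the pages out of core dumps; the mlock() call elsewhere in sec_acquire_pages() is still what keeps them out of swap. Finally, the hunk relies on <sys/mman.h> and <errno.h> already being included in this file, which is not visible in the diff.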

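To make the commit message's technique concrete, here is a stand-alone C program (an added example, not libsecret's code) that lays out the same three steps the patch relies on: mmap() anonymous pages, mlock() them against swap, then madvise(MADV_DONTDUMP) them against core dumps, treating both advisory steps as non-fatal exactly as the commit does. It goes one step further than the patch by verifying that the flag actually took effect, reading the VmFlags line for the mapping out of /proc/self/smaps ("dd" is the kernel's don't-dump flag, "lo" is locked). The names `struct secure_block`, `secure_block_alloc`, `secure_block_free` and `vma_has_flag` are hypothetical helpers invented for this example, and the "hunter2" secret is constructed sample data.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical types and helpers for this example; not libsecret's API. */
struct secure_block {
    void  *pages;   /* page-aligned anonymous mapping, NULL on failure */
    size_t len;     /* length actually mapped (rounded up to a page) */
    int    locked;  /* 1 if mlock() succeeded: keeps the pages out of swap */
    int    nodump;  /* 1 if MADV_DONTDUMP took, 0 if the kernel refused it,
                       -1 if the constant was not available at build time */
};

struct secure_block secure_block_alloc(size_t want)
{
    struct secure_block b = { NULL, 0, 0, -1 };
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0)
        return b;
    b.len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    b.pages = mmap(NULL, b.len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b.pages == MAP_FAILED) {
        b.pages = NULL;
        b.len = 0;
        return b;
    }
    /* As in libsecret, neither step is fatal: RLIMIT_MEMLOCK may be tiny in a
     * container, and a kernel older than 3.4 rejects MADV_DONTDUMP with EINVAL. */
    b.locked = (mlock(b.pages, b.len) == 0);
    if (!b.locked)
        fprintf(stderr, "mlock(%zu): %s\n", b.len, strerror(errno));
#ifdef MADV_DONTDUMP
    if (madvise(b.pages, b.len, MADV_DONTDUMP) == 0) {
        b.nodump = 1;
    } else {
        b.nodump = 0;
        fprintf(stderr, "MADV_DONTDUMP(%zu): %s\n", b.len, strerror(errno));
    }
#endif
    return b;
}

void secure_block_free(struct secure_block *b)
{
    if (!b->pages)
        return;
    /* Scrub through a volatile pointer so the stores are not optimised away. */
    volatile unsigned char *p = b->pages;
    for (size_t i = 0; i < b->len; i++)
        p[i] = 0;
    munlock(b->pages, b->len);
    munmap(b->pages, b->len);
    b->pages = NULL;
    b->len = 0;
}

/* Verify the flag actually took: find the VMA containing addr in
 * /proc/self/smaps and look for `flag` as a whole token on its VmFlags line
 * ("dd" = don't dump, "lo" = locked). Returns 1 if present, 0 if absent,
 * -1 if smaps or the VmFlags line (Linux >= 3.8) is unavailable. */
int vma_has_flag(const void *addr, const char *flag)
{
    FILE *f = fopen("/proc/self/smaps", "r");
    if (!f)
        return -1;
    char line[512];
    unsigned long a = (unsigned long)addr, lo, hi;
    int inside = 0, found = -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2) {
            if (inside)
                break;              /* left our VMA without a VmFlags line */
            inside = (lo <= a && a < hi);
        } else if (inside && strncmp(line, "VmFlags:", 8) == 0) {
            found = 0;
            for (char *t = strtok(line + 8, " \n"); t; t = strtok(NULL, " \n"))
                if (strcmp(t, flag) == 0)
                    found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    struct secure_block b = secure_block_alloc(64);
    if (!b.pages) {
        perror("mmap");
        return 1;
    }
    memcpy(b.pages, "hunter2", 8);       /* constructed sample secret */
    printf("locked=%d nodump=%d smaps:dd=%d smaps:lo=%d\n", b.locked, b.nodump,
           vma_has_flag(b.pages, "dd"), vma_has_flag(b.pages, "lo"));
    secure_block_free(&b);
    return 0;
}
```

The smaps check is the piece worth keeping around: MADV_DONTDUMP is applied per VMA, so it is the kernel's own flag on the mapping, not the madvise() return value, that tells you whether a later core dump will skip the region. Because mlock() and MADV_DONTDUMP give the VMA flags its neighbours lack, the kernel will not merge it with adjacent anonymous mappings, which is what makes looking up "the mapping containing addr" reliable here.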
