[gtk/gtk-4-2: 45/91] gtksecurememory: Request that secure memory not be dumped to disk
- From: Matthias Clasen <matthiasc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gtk/gtk-4-2: 45/91] gtksecurememory: Request that secure memory not be dumped to disk
- Date: Tue, 4 May 2021 02:05:41 +0000 (UTC)
commit a9d05630851e347308d963f87315522195d3ee50
Author: Matthew Garrett <matthewgarrett google com>
Date: Fri Apr 19 13:08:32 2019 -0700
gtksecurememory: Request that secure memory not be dumped to disk
Linux 3.4 added support for the MADV_DONTDUMP option to madvise(), which
requests that the covered memory not be included in coredumps. It makes
sense to use this to prevent cases where application crashes could
result in secrets being persisted to disk or included in dumps that are
uploaded to remote servers for analysis. I've avoided making this fatal
since there's a chance this code could be built on systems that have
MADV_DONTDUMP but run on systems that don't.
gtk/gtksecurememory.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
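The commit message above describes the pattern but not its shape in isolation. The following is an added example written for this page, not GTK's own code: it maps anonymous pages for secret material, applies MADV_DONTDUMP where the build and the running kernel support it, and treats a refusal as non-fatal in the way the message explains. The function names (`secure_pages_alloc`, `secure_pages_free`, `secure_pages_roundtrip`) and the status enum are this example's own; the sample secret is a constructed string.

```c
/* Added example (not GTK code): allocate page-aligned memory for secrets
 * and ask the kernel to leave it out of core dumps, without failing when
 * MADV_DONTDUMP is unavailable at build time or refused at run time. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes MADV_* constants in <sys/mman.h> on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older BSD/macOS spelling */
#endif

/* Hypothetical status values for this example; the caller decides what to log. */
typedef enum {
    DUMP_EXCLUSION_APPLIED = 0,              /* madvise(MADV_DONTDUMP) succeeded */
    DUMP_EXCLUSION_UNSUPPORTED_AT_BUILD = 1, /* headers lack MADV_DONTDUMP */
    DUMP_EXCLUSION_REFUSED_AT_RUNTIME = 2    /* kernel rejected it, e.g. pre-3.4 */
} dump_exclusion_status;

/* mmap and madvise work on whole pages, so round the request up. */
static size_t round_to_pages(size_t sz)
{
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    return (sz + page - 1) / page * page;
}

/* Returns NULL only when the mapping itself fails. A failed MADV_DONTDUMP is
 * reported through *status and on stderr but the memory is still returned,
 * mirroring the non-fatal handling the commit describes. */
void *secure_pages_alloc(size_t *sz, dump_exclusion_status *status)
{
    *sz = round_to_pages(*sz);
    void *pages = mmap(NULL, *sz, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pages == MAP_FAILED)
        return NULL;

#if defined(MADV_DONTDUMP)
    if (madvise(pages, *sz, MADV_DONTDUMP) < 0) {
        /* Older kernels return EINVAL here; keep the pages, just record it. */
        *status = DUMP_EXCLUSION_REFUSED_AT_RUNTIME;
        fprintf(stderr, "couldn't MADV_DONTDUMP %lu bytes of memory: %s\n",
                (unsigned long) *sz, strerror(errno));
    } else {
        *status = DUMP_EXCLUSION_APPLIED;
    }
#else
    *status = DUMP_EXCLUSION_UNSUPPORTED_AT_BUILD;
#endif
    return pages;
}

/* Wipe before unmapping so the secret does not linger in a recycled page.
 * A plain memset may be optimized away, so write through a volatile pointer. */
int secure_pages_free(void *pages, size_t sz)
{
    volatile unsigned char *p = pages;
    for (size_t i = 0; i < sz; i++)
        p[i] = 0;
    return munmap(pages, sz);
}

/* Self-check: store a constructed secret, read it back, release the pages.
 * Returns the dump-exclusion status on success, -1 on any failure. */
int secure_pages_roundtrip(void)
{
    size_t sz = 100;                       /* will be rounded up to one page */
    dump_exclusion_status st;
    unsigned char *buf = secure_pages_alloc(&sz, &st);
    if (buf == NULL)
        return -1;

    const char *secret = "constructed-sample-key";   /* constructed, not real */
    memcpy(buf, secret, strlen(secret) + 1);
    int ok = strcmp((char *) buf, secret) == 0
          && sz % (size_t) sysconf(_SC_PAGESIZE) == 0;

    if (secure_pages_free(buf, sz) != 0)
        return -1;
    return ok ? (int) st : -1;
}

int main(void)
{
    int rc = secure_pages_roundtrip();
    printf("roundtrip status: %d\n", rc);
    return rc < 0 ? 1 : 0;
}
```

On a Linux kernel of 3.4 or later the round trip reports status 0; on a build without the constant, or a kernel that refuses the advice, the memory is still usable and the status tells the caller which situation applied. MADV_DONTDUMP only affects what the kernel writes into a core dump; it does not keep the pages out of swap, which is a separate concern handled by locking the pages.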
---
diff --git a/gtk/gtksecurememory.c b/gtk/gtksecurememory.c
index 35a6f6b875..6dff307e65 100644
--- a/gtk/gtksecurememory.c
+++ b/gtk/gtksecurememory.c
@@ -943,6 +943,19 @@ sec_acquire_pages (size_t *sz,
DEBUG_ALLOC ("gtk-secure-memory: new block ", *sz);
+#if defined(MADV_DONTDUMP)
+ if (madvise (pages, *sz, MADV_DONTDUMP) < 0) {
+ if (show_warning && gtk_secure_warnings) {
+ /*
+ * Not fatal - this was added in Linux 3.4 and older
+ * kernels will legitimately fail this at runtime
+ */
+ fprintf (stderr, "couldn't MADV_DONTDUMP %lu bytes of memory (%s): %s\n",
+ (unsigned long)*sz, during_tag, strerror (errno));
+ }
+ }
+#endif
+
show_warning = 1;
return pages;
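Review bot: the warning inside the `madvise` failure branch fires for the exact case the comment calls legitimate, so on a pre-3.4 kernel every secure allocation with `gtk_secure_warnings` set will print "couldn't MADV_DONTDUMP ..." even though nothing is wrong; consider skipping the message when `errno == EINVAL` (the expected response from a kernel without the flag) and reserving it for other errors. The non-fatal handling itself matches the commit message, and the `(unsigned long)*sz` cast keeps `%lu` correct across platforms. Note also that MADV_DONTDUMP only excludes the pages from core dumps and says nothing about swap, so it complements rather than replaces locking the pages.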