kernel: Clear secrets on reboot

The idea is that when we reboot, we zero out memory written by processes that have the private flag set (such as factotum and keyfs), and also clear the secrmem pool, which contains TLS keys and the state of the random number generator. This is so the newly booted kernel or firmware will not find these secret keys in memory.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2023-04-08 20:30:47 +0000
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2023-04-08 20:30:47 +0000
commit: 60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch)
tree: 1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/port/devproc.c
parent: bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/src/9/port/devproc.c b/sys/src/9/port/devproc.c
index b56b69e59..ffabca2d5 100644
--- a/sys/src/9/port/devproc.c
+++ b/sys/src/9/port/devproc.c
@@ -1474,6 +1474,14 @@ procctlreq(Proc *p, char *va, int n)
 		break;
 	case CMprivate:
 		p->privatemem = 1;
+		/*
+		 * pages will now get marked private
+		 * when faulted in for writing
+		 * so force a tlb flush.
+		 */
+		p->newtlb = 1;
+		if(p == up)
+			flushmmu();
 		break;
 	case CMprofile:
 		s = p->seg[TSEG];
author	cinap_lenrek <cinap_lenrek@felloff.net>	2023-04-08 20:30:47 +0000
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2023-04-08 20:30:47 +0000
commit	60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch)
tree	1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/port/devproc.c
parent	bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff)