util: implement secure erase with explicit_bzero

This is available on at least FreeBSD and GLibc >= 2.25.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/meson.build b/meson.build
index 1a13148c51e2b0e10e2ebcdda634bf331b0ca18c..0f8ef079b18c25ca1e00ab3b5737d8c833d68aa6 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -537,6 +537,7 @@ libvirt_export_dynamic = cc.first_supported_link_argument([
 
 functions = [
   'elf_aux_info',
+  'explicit_bzero',
   'fallocate',
   'getauxval',
   'getegid',

diff --git a/src/util/virsecureerase.c b/src/util/virsecureerase.c
index ead12803da37afbf410275739a590290444b33b4..00542da99db929731a45476cb407560bf916815c 100644 (file)
--- a/src/util/virsecureerase.c
+++ b/src/util/virsecureerase.c
@@ -19,6 +19,8 @@
 
 #include <config.h>
 
+#include <string.h>
+
 #include "virsecureerase.h"
 
 /**
@@ -40,7 +42,11 @@ virSecureErase(void *ptr,
     if (!ptr || size == 0)
         return;
 
+#ifdef WITH_EXPLICIT_BZERO
+    explicit_bzero(ptr, size);
+#else
     memset(ptr, 0, size);
+#endif
 }
 
 /**