improve secure_erase speed; add SIGINFO support

bwalex · Jul 3, 2011 · 69686eb · 69686eb
1 parent 00bc399
commit 69686eb
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 7 deletions.
diff --git a/io.c b/io.c
@@ -106,14 +106,28 @@ get_random(unsigned char *buf, size_t len)
 	return 0;
 }
 
-/* XXX: improve secure_erase performance! */
+static size_t secure_erase_total_bytes = 0;
+static size_t secure_erase_erased_bytes = 0;
+
+static
+void
+secure_erase_summary(void)
+{
+	float pct_done;
+
+	pct_done = (1.0 * secure_erase_erased_bytes) /
+	    (1.0 * secure_erase_total_bytes) * 100.0;
+	tc_log(0, "Securely erasing, %.0f%% done.\n", pct_done);
+}
+
 int
 secure_erase(const char *dev, size_t bytes, size_t blksz)
 {
 	size_t erased = 0;
 	int fd_rand, fd;
-	char buf[MAX_BLKSZ];
+	char buf[ERASE_BUFFER_SIZE];
 	ssize_t r, w;
+	size_t sz;
 
 	if (blksz > MAX_BLKSZ) {
 		tc_log(1, "blksz > MAX_BLKSZ\n");
@@ -131,21 +145,32 @@ secure_erase(const char *dev, size_t bytes, size_t blksz)
 		return -1;
 	}
 
+	summary_fn = secure_erase_summary;
+	secure_erase_total_bytes = bytes;
+
+	sz = ERASE_BUFFER_SIZE;
 	while (erased < bytes) {
-		if ((r = read(fd_rand, buf, blksz)) < 0) {
+		secure_erase_erased_bytes = erased;
+		/* Switch to block size when not much is remaining */
+		if ((bytes - erased) <= ERASE_BUFFER_SIZE)
+			sz = blksz;
+
+		if ((r = read(fd_rand, buf, sz)) < 0) {
 			tc_log(1, "Error reading from /dev/urandom\n");
 			close(fd);
 			close(fd_rand);
+			summary_fn = NULL;
 			return -1;
 		}
 
 		if (r < blksz)
 			continue;
 
-		if ((w = write(fd, buf, blksz)) < 0) {
+		if ((w = write(fd, buf, r)) < 0) {
 			tc_log(1, "Error writing to %s\n", dev);
 			close(fd);
 			close(fd_rand);
+			summary_fn = NULL;
 			return -1;
 		}
 
@@ -155,6 +180,8 @@ secure_erase(const char *dev, size_t bytes, size_t blksz)
 	close(fd);
 	close(fd_rand);
 
+	summary_fn = NULL;
+
 	return 0;
 }
 

diff --git a/main.c b/main.c
@@ -33,12 +33,21 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <signal.h>
 #include <err.h>
 #include <time.h>
 #include <libutil.h>
 
 #include "tc-play.h"
 
+static
+void
+sig_handler(int sig)
+{
+	if ((sig == SIGUSR1 || sig == SIGINFO) && (summary_fn != NULL))
+		summary_fn();
+}
+
 static
 void
 usage(void)
@@ -115,6 +124,8 @@ main(int argc, char *argv[])
 	struct tc_cipher_chain *cipher_chain = NULL;
 
 	tc_play_init();
+	signal(SIGUSR1, sig_handler);
+	signal(SIGINFO, sig_handler);
 
 	nkeyfiles = 0;
 	n_hkeyfiles = 0;

diff --git a/tc-play-api.c b/tc-play-api.c
@@ -56,6 +56,15 @@ tc_api_get_error_msg(void)
 	return (tc_internal_verbose) ? "" : tc_internal_log_buffer;
 }
 
+char *
+tc_api_get_summary(void)
+{
+	if (summary_fn != NULL)
+		summary_fn();
+
+	return tc_internal_log_buffer;
+}
+
 int
 tc_api_create_volume(tc_api_op *api_opts)
 {

diff --git a/tc-play-api.h b/tc-play-api.h
@@ -56,4 +56,5 @@ int tc_api_map_volume(tc_api_op *api_opts);
 int tc_api_check_cipher(tc_api_op *api_opts);
 int tc_api_check_prf_hash(tc_api_op *api_opts);
 char *tc_api_get_error_msg(void);
+char *tc_api_get_summary(void);
 
diff --git a/tc-play.c b/tc-play.c
@@ -47,6 +47,7 @@
  *  - mlockall? (at least MCL_FUTURE, which is the only one we support)
  */
 
+summary_fn_t summary_fn = NULL;
 int tc_internal_verbose = 1;
 char tc_internal_log_buffer[LOG_BUFFER_SZ];
 
@@ -63,10 +64,10 @@ tc_log(int err, char *fmt, ...)
 
         __va_start(ap, fmt);
 
-        if (tc_internal_verbose)
+	vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
+
+	if (tc_internal_verbose)
                 vfprintf(fp, fmt, ap);
-	else
-		vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
 
 	__va_end(ap);
 }

diff --git a/tc-play.h b/tc-play.h
@@ -46,6 +46,7 @@
 #define MIN_VOL_BLOCKS		256
 #define MAX_CIPHER_CHAINS	64
 #define DEFAULT_RETRIES		3
+#define ERASE_BUFFER_SIZE	4*1024*1024 /* 4 MB */
 
 /* TrueCrypt Volume flags */
 #define TC_VOLFLAG_SYSTEM	0x01	/* system encryption */
@@ -182,8 +183,11 @@ int map_volume(const char *map_name, const char *device, int sflag,
     char *passphrase, char *passphrase_hidden, int interactive, int retries);
 int dm_setup(const char *mapname, struct tcplay_info *info);
 
+typedef void(*summary_fn_t)(void);
+
 extern int tc_internal_verbose;
 extern char tc_internal_log_buffer[];
+extern summary_fn_t summary_fn;
 
 #define alloc_safe_mem(x) \
 	_alloc_safe_mem(x, __FILE__, __LINE__)