Move key_global into RemoteAllocator #608

mjp41 · 2023-03-28T10:33:00Z

There was a mis-compilation in a Verona configuration that lead to two instances of key_global existing. This change moves it inside a struct that seems to fix the issue.

The rest of the changes are limiting the use of key_global as both RemoteCache and RemoteAllocator must use the same configuration, so there is no need to take the key_global as a parameter.

There was a mis-compilation in a Verona configuration that lead to two instances of key_global existing. This change moves it inside a struct that seems to fix the issue. The rest of the changes are limiting the use of key_global as both RemoteCache and RemoteAllocator must use the same configuration, so there is no need to take the key_global as a parameter.

nwf

LGTM. I wonder if it's worth having a comment somewhere in the tree (maybe just in docs/security?) about the choice of using a single key. On the one hand:

we don't have to read anything extra from the RemoteAllocator* in the pagemap
we don't have to do any rewriting when forwarding a list of messages
On the other:
well, it is a shared secret and its shared nature might, theoretically, make it easier to leak?

mjp41 force-pushed the key_global branch from cfc8ab6 to a933e5a Compare March 28, 2023 10:35

Clangformat

1f091a1

mjp41 requested a review from nwf-msr March 31, 2023 18:41

nwf approved these changes Apr 7, 2023

View reviewed changes

CR feedback.

711c15e

mjp41 merged commit 55376aa into microsoft:main Apr 26, 2023

mjp41 deleted the key_global branch April 26, 2023 16:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Move key_global into RemoteAllocator #608

Move key_global into RemoteAllocator #608

mjp41 commented Mar 28, 2023

nwf left a comment

Move key_global into RemoteAllocator #608

Move key_global into RemoteAllocator #608

Conversation

mjp41 commented Mar 28, 2023

nwf left a comment

Choose a reason for hiding this comment