From: markus <markus@openbsd.org>
Date: Wed, 31 May 2017 08:55:10 +0000 (+0000)
Subject: new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e35050970e3e2b822e383a5e844e4c4402eebccc;p=openbsd

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm
---

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 6003a4661c1..1241f47479c 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_socket.c,v 1.185 2017/05/27 18:50:53 claudio Exp $	*/
+/*	$OpenBSD: uipc_socket.c,v 1.186 2017/05/31 08:55:10 markus Exp $	*/
 /*	$NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $	*/
 
 /*
@@ -483,6 +483,8 @@ restart:
 			s = solock(so);
 			if (resid == 0)
 				so->so_state &= ~SS_ISSENDING;
+			if (top && so->so_options & SO_ZEROIZE)
+				top->m_flags |= M_ZEROIZE;
 			error = (*so->so_proto->pr_usrreq)(so,
 			    (flags & MSG_OOB) ? PRU_SENDOOB : PRU_SEND,
 			    top, addr, control, curproc);
@@ -1591,6 +1593,7 @@ sosetopt(struct socket *so, int level, int optname, struct mbuf *m0)
 		case SO_REUSEPORT:
 		case SO_OOBINLINE:
 		case SO_TIMESTAMP:
+		case SO_ZEROIZE:
 			if (m == NULL || m->m_len < sizeof (int)) {
 				error = EINVAL;
 				goto bad;
@@ -1792,6 +1795,7 @@ sogetopt(struct socket *so, int level, int optname, struct mbuf **mp)
 		case SO_BROADCAST:
 		case SO_OOBINLINE:
 		case SO_TIMESTAMP:
+		case SO_ZEROIZE:
 			*mtod(m, int *) = so->so_options & optname;
 			break;
 
diff --git a/sys/sys/socket.h b/sys/sys/socket.h
index 27cd9b5962e..a1ff94653f8 100644
--- a/sys/sys/socket.h
+++ b/sys/sys/socket.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: socket.h,v 1.94 2017/05/04 15:00:24 bluhm Exp $	*/
+/*	$OpenBSD: socket.h,v 1.95 2017/05/31 08:55:10 markus Exp $	*/
 /*	$NetBSD: socket.h,v 1.14 1996/02/09 18:25:36 christos Exp $	*/
 
 /*
@@ -96,6 +96,7 @@ typedef	__sa_family_t	sa_family_t;	/* sockaddr address family type */
 #define	SO_REUSEPORT	0x0200		/* allow local address & port reuse */
 #define SO_TIMESTAMP	0x0800		/* timestamp received dgram traffic */
 #define SO_BINDANY	0x1000		/* allow bind to any address */
+#define SO_ZEROIZE	0x2000		/* zero out all mbufs sent over socket */
 
 /*
  * Additional options, not kept in so_options.