[u/mdw/catacomb] / lmem.c

/* -*-c-*-
 *
 * $Id: lmem.c,v 1.1 1999/12/22 16:02:52 mdw Exp $
 *
 * Locked memory allocation (Unix-specific)
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: lmem.c,v $
 * Revision 1.1  1999/12/22 16:02:52  mdw
 * Interface to allocating `locked' memory (which isn't paged out).
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "config.h"

#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <unistd.h>

#ifdef HAVE_MLOCK
#  include <sys/mman.h>
#endif

#include <mLib/dstr.h>
#include <mLib/sub.h>

#include "lmem.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @l_init@ --- *
 *
 * Arguments:	@lmem *lm@ = pointer to locked memory descriptor
 *		@size_t sz@ = size of locked memory area requested
 *
 * Returns:	Zero if everything is fine, @+1@ if some insecure memory was
 *		allocated, and @-1@ if everything went horribly wrong.
 *
 * Use:		Initializes the locked memory manager.  This function is safe
 *		to call in a privileged program; privileges should usually be
 *		dropped after allocating the locked memory block.
 *
 *		You must call @sub_init@ before allocating locked memory
 *		buffers.
 */

int l_init(lmem *lm, size_t sz)
{
  char *p;
  int rc = 0;
  l_node *l;

  /* --- Preliminaries --- */

  lm->err = 0;

  /* --- Try making a secure locked passphrase buffer --- *
   *
   * Drop privileges before emitting diagnostic messages.
   */

#ifdef HAVE_MLOCK

  /* --- Memory-map a page from somewhere --- */

#  ifdef MAP_ANON
  p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
#  else
  {
    int fd;
    if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
      p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
      close(fd);
    }
  }
#  endif

  /* --- Lock the page in memory --- *
   *
   * Why does @mmap@ return such a stupid result if it fails?
   */

  if (p == 0 || p == MAP_FAILED) {
    lm->emsg = "couldn't map locked memory area: %s";
    lm->err = errno;
    p = 0;
  } else if (mlock(p, sz)) {
    lm->emsg = "error locking memory area: %s";
    lm->err = errno;
    munmap(p, sz);
    p = 0;
  }

#endif

  /* --- Make a standard passphrase buffer --- */

#ifdef HAVE_MLOCK
  if (!p)
#else
  ll->err = 0;
  ll->emsg = "locked memory not available on this system";
#endif
  {
    if ((p = malloc(sz)) == 0) {
      lm->emsg = "not enough standard memory!";
      lm->err = ENOMEM;
      return (-1);
    }
    rc = +1;
  }

  /* --- Initialize the buffer --- */

  lm->sz = lm->free = sz;
  lm->p = p;

  /* --- Initialize the free list --- */

  l = CREATE(l_node);
  l->next = 0;
  l->p = p;
  l->sz = sz;
  l->f = 0;
  lm->l = l;

  /* --- Done --- */

  return (rc);
}

/* --- @l_alloc@ --- *
 *
 * Arguments:	@lmem *lm@ = pointer to locked memory descriptor
 *		@size_t sz@ = size requested
 *
 * Returns:	Pointer to allocated memory.
 *
 * Use:		Allocates @sz@ bytes of locked memory.
 */

void *l_alloc(lmem *lm, size_t sz)
{
  l_node *l;

  sz = (sz + 3u) & ~3u;
  for (l = lm->l; l; l = l->next) {
    if (l->f & LF_ALLOC)
      continue;
    if (l->sz < sz)
      continue;
    l->f |= LF_ALLOC;
    if (l->sz > sz) {
      l_node *n = CREATE(l_node);
      n->next = l->next;
      n->p = l->p + sz;
      n->sz = l->sz - sz;
      l->sz = sz;
      n->f = 0;
      l->next = n;
    }
    assert(((void)"Locked buffer space has vanished", lm->free >= sz));
    lm->free -= sz;
    return (l->p);
  }
  return (0);
}

/* --- @l_free@ --- *
 *
 * Arguments:	@lmem *lm@ = pointer to locked memory descriptor
 *		@void *p@ = pointer to block
 *
 * Returns:	---
 *
 * Use:		Releases a block of locked memory.
 */

void l_free(lmem *lm, void *p)
{
  l_node *l;
  l_node *ll = 0;

  for (l = lm->l; l; l = l->next) {
    size_t sz;

    /* --- If this isn't the block, skip it --- */

    if (l->p != p) {
      ll = l;
      continue;
    }
    assert(((void)"Block is already free", l->f & LF_ALLOC));

    /* --- Coalesce with adjacent free blocks --- */

    l->f &= ~LF_ALLOC;
    sz = l->sz;
    memset(p, 0, sz);

    if (ll && !(ll->f & LF_ALLOC)) {
      assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
      ll->sz += sz;
      ll->next = l->next;
      DESTROY(l);
      l = ll;
    }

    ll = l->next;
    if (ll && !(ll->f & LF_ALLOC)) {
      assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
      l->sz += ll->sz;
      l->next = ll->next;
      DESTROY(ll);
    }

    lm->free += sz;
    assert(((void)"Free lunch", lm->free <= lm->sz));
    return;
  }
  assert(((void)"Not a locked block", 0));
}

/* --- @l_purge@ --- *
 *
 * Arguments:	@lmem *lm@ = pointer to locked memory descriptor
 *
 * Returns:	---
 *
 * Use:		Purges all the free blocks in the buffer, and clears all of
 *		the locked memory.  Memory is not freed back to the system.
 */

void l_purge(lmem *lm)
{
  l_node *l;

  l = lm->l;
  while (l) {
    l_node *ll = l->next;
    DESTROY(l);
    l = ll;
  }
  memset(lm->p, 0, lm->sz);
  l = CREATE(l_node);
  l->next = 0;
  l->p = lm->p;
  l->sz = lm->sz;
  l->f = 0;
  lm->l = l;
  lm->free = l->sz;
}

/* --- @l_report@ --- *
 *
 * Arguments:	@lmem *lm@ = pointer to locked memory descriptor
 *		@dstr *d@ = string to write the error message on
 *
 * Returns:	Zero if the buffer is fine, @+1@ if there was a problem
 *		getting locked memory but insecure stuff could be allocated,
 *		and @-1@ if not even insecure memory could be found.
 *
 * Use:		Returns a user-digestable explanation for the state of a
 *		locked memory buffer.  If the return code is zero, no message
 *		is emitted to the string @d@.
 */

int l_report(lmem *lm, dstr *d)
{
  int rc;
  if (lm->err)
    dstr_putf(d, lm->emsg, strerror(lm->err));
  if (!lm->p)
    rc = -1;
  else if (lm->err)
    rc = +1;
  else
    rc = 0;
  return (rc);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
359df778	1	/* --c--
	2	*
	3	* $Id: lmem.c,v 1.1 1999/12/22 16:02:52 mdw Exp $
	4	*
	5	* Locked memory allocation (Unix-specific)
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: lmem.c,v $
	33	* Revision 1.1 1999/12/22 16:02:52 mdw
	34	* Interface to allocating `locked' memory (which isn't paged out).
	35	*
	36	*/
	37
	38	/----- Header files ------------------------------------------------------/
	39
	40	#include "config.h"
	41
	42	#include <assert.h>
	43	#include <errno.h>
	44	#include <stdio.h>
	45	#include <stdlib.h>
	46	#include <string.h>
	47
	48	#include <sys/types.h>
	49	#include <unistd.h>
	50
	51	#ifdef HAVE_MLOCK
	52	# include <sys/mman.h>
	53	#endif
	54
	55	#include <mLib/dstr.h>
	56	#include <mLib/sub.h>
	57
	58	#include "lmem.h"
	59
	60	/----- Main code ---------------------------------------------------------/
	61
	62	/* --- @l_init@ --- *
	63	*
	64	* Arguments: @lmem *lm@ = pointer to locked memory descriptor
65	* @size_t sz@ = size of locked memory area requested
66	*
67	* Returns: Zero if everything is fine, @+1@ if some insecure memory was
68	* allocated, and @-1@ if everything went horribly wrong.
69	*
70	* Use: Initializes the locked memory manager. This function is safe
71	* to call in a privileged program; privileges should usually be
72	* dropped after allocating the locked memory block.
73	*
74	* You must call @sub_init@ before allocating locked memory
75	* buffers.
76	*/
77
78	int l_init(lmem *lm, size_t sz)
79	{
80	char *p;
81	int rc = 0;
82	l_node *l;
83
84	/* --- Preliminaries --- */
85
86	lm->err = 0;
87
88	/* --- Try making a secure locked passphrase buffer --- *
89	*
90	* Drop privileges before emitting diagnostic messages.
91	*/
92
93	#ifdef HAVE_MLOCK
94
95	/* --- Memory-map a page from somewhere --- */
96
97	# ifdef MAP_ANON
98	p = mmap(0, sz, PROT_READ \| PROT_WRITE, MAP_PRIVATE \| MAP_ANON, -1, 0);
99	# else
100	{
101	int fd;
102	if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
103	p = mmap(0, sz, PROT_READ \| PROT_WRITE, MAP_PRIVATE, fd, 0);
104	close(fd);
105	}
106	}
107	# endif
108
109	/* --- Lock the page in memory --- *
110	*
111	* Why does @mmap@ return such a stupid result if it fails?
112	*/
113
114	if (p == 0 \|\| p == MAP_FAILED) {
115	lm->emsg = "couldn't map locked memory area: %s";
116	lm->err = errno;
117	p = 0;
118	} else if (mlock(p, sz)) {
119	lm->emsg = "error locking memory area: %s";
120	lm->err = errno;
121	munmap(p, sz);
122	p = 0;
123	}
124
125	#endif
126
127	/* --- Make a standard passphrase buffer --- */
128
129	#ifdef HAVE_MLOCK
130	if (!p)
131	#else
132	ll->err = 0;
133	ll->emsg = "locked memory not available on this system";
134	#endif
135	{
136	if ((p = malloc(sz)) == 0) {
137	lm->emsg = "not enough standard memory!";
138	lm->err = ENOMEM;
139	return (-1);
140	}
141	rc = +1;
142	}
143
144	/* --- Initialize the buffer --- */
145
146	lm->sz = lm->free = sz;
147	lm->p = p;
148
149	/* --- Initialize the free list --- */
150
151	l = CREATE(l_node);
152	l->next = 0;
153	l->p = p;
154	l->sz = sz;
155	l->f = 0;
156	lm->l = l;
157
158	/* --- Done --- */
159
160	return (rc);
161	}
162
163	/* --- @l_alloc@ --- *
164	*
165	* Arguments: @lmem *lm@ = pointer to locked memory descriptor
166	* @size_t sz@ = size requested
167	*
168	* Returns: Pointer to allocated memory.
169	*
170	* Use: Allocates @sz@ bytes of locked memory.
171	*/
172
173	void l_alloc(lmem lm, size_t sz)
174	{
175	l_node *l;
176
177	sz = (sz + 3u) & ~3u;
178	for (l = lm->l; l; l = l->next) {
179	if (l->f & LF_ALLOC)
180	continue;
181	if (l->sz < sz)
182	continue;
183	l->f \|= LF_ALLOC;
184	if (l->sz > sz) {
185	l_node *n = CREATE(l_node);
186	n->next = l->next;
187	n->p = l->p + sz;
188	n->sz = l->sz - sz;
189	l->sz = sz;
190	n->f = 0;
191	l->next = n;
192	}
193	assert(((void)"Locked buffer space has vanished", lm->free >= sz));
194	lm->free -= sz;
195	return (l->p);
196	}
197	return (0);
198	}
199
200	/* --- @l_free@ --- *
201	*
202	* Arguments: @lmem *lm@ = pointer to locked memory descriptor
203	* @void *p@ = pointer to block
204	*
205	* Returns: ---
206	*
207	* Use: Releases a block of locked memory.
208	*/
209
210	void l_free(lmem lm, void p)
211	{
212	l_node *l;
213	l_node *ll = 0;
214
215	for (l = lm->l; l; l = l->next) {
216	size_t sz;
217
218	/* --- If this isn't the block, skip it --- */
219
220	if (l->p != p) {
221	ll = l;
222	continue;
223	}
224	assert(((void)"Block is already free", l->f & LF_ALLOC));
225
226	/* --- Coalesce with adjacent free blocks --- */
227
228	l->f &= ~LF_ALLOC;
229	sz = l->sz;
230	memset(p, 0, sz);
231
232	if (ll && !(ll->f & LF_ALLOC)) {
233	assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
234	ll->sz += sz;
235	ll->next = l->next;
236	DESTROY(l);
237	l = ll;
238	}
239
240	ll = l->next;
241	if (ll && !(ll->f & LF_ALLOC)) {
242	assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
243	l->sz += ll->sz;
244	l->next = ll->next;
245	DESTROY(ll);
246	}
247
248	lm->free += sz;
249	assert(((void)"Free lunch", lm->free <= lm->sz));
250	return;
251	}
252	assert(((void)"Not a locked block", 0));
253	}
254
255	/* --- @l_purge@ --- *
256	*
257	* Arguments: @lmem *lm@ = pointer to locked memory descriptor
258	*
259	* Returns: ---
260	*
261	* Use: Purges all the free blocks in the buffer, and clears all of
262	* the locked memory. Memory is not freed back to the system.
263	*/
264
265	void l_purge(lmem *lm)
266	{
267	l_node *l;
268
269	l = lm->l;
270	while (l) {
271	l_node *ll = l->next;
272	DESTROY(l);
273	l = ll;
274	}
275	memset(lm->p, 0, lm->sz);
276	l = CREATE(l_node);
277	l->next = 0;
278	l->p = lm->p;
279	l->sz = lm->sz;
280	l->f = 0;
281	lm->l = l;
282	lm->free = l->sz;
283	}
284
285	/* --- @l_report@ --- *
286	*
287	* Arguments: @lmem *lm@ = pointer to locked memory descriptor
288	* @dstr *d@ = string to write the error message on
289	*
290	* Returns: Zero if the buffer is fine, @+1@ if there was a problem
291	* getting locked memory but insecure stuff could be allocated,
292	* and @-1@ if not even insecure memory could be found.
293	*
294	* Use: Returns a user-digestable explanation for the state of a
295	* locked memory buffer. If the return code is zero, no message
296	* is emitted to the string @d@.
297	*/
298
299	int l_report(lmem lm, dstr d)
300	{
301	int rc;
302	if (lm->err)
303	dstr_putf(d, lm->emsg, strerror(lm->err));
304	if (!lm->p)
305	rc = -1;
306	else if (lm->err)
307	rc = +1;
308	else
309	rc = 0;
310	return (rc);
311	}
312
313	/----- That's all, folks -------------------------------------------------/