3 * $Id: lmem.c,v 1.5 2004/04/02 01:03:49 mdw Exp $
5 * Locked memory allocation (Unix-specific)
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.5 2004/04/02 01:03:49 mdw
34 * Miscellaneous constification.
36 * Revision 1.4 2002/01/24 22:26:11 mdw
37 * Fix build failure when @mlock@ not available.
39 * Revision 1.3 2000/07/29 21:58:15 mdw
40 * (l_destroy): New function for destroying locked memory blocks.
42 * Revision 1.2 2000/06/17 11:29:20 mdw
45 * Revision 1.1 1999/12/22 16:02:52 mdw
46 * Interface to allocating `locked' memory (which isn't paged out).
50 /*----- Header files ------------------------------------------------------*/
60 #include <sys/types.h>
64 # include <sys/mman.h>
67 #include <mLib/arena.h>
68 #include <mLib/dstr.h>
73 /*----- Arena operations --------------------------------------------------*/
/* --- @aalloc@ --- *
 *
 * Arena hook that forwards an allocation request to @l_alloc@.  The cast
 * assumes the @lmem@ descriptor begins with its @arena@ header -- confirm
 * against the struct definition.
 */

static void *aalloc(arena *a, size_t sz)
{
  lmem *lm = (lmem *)a;
  return l_alloc(lm, sz);
}
/* --- @afree@ --- *
 *
 * Arena hook that hands a block back to @l_free@.  Same layout assumption
 * as @aalloc@: the @arena@ header is taken to be the start of the @lmem@.
 */

static void afree(arena *a, void *p)
{
  lmem *lm = (lmem *)a;
  l_free(lm, p);
}
/* --- @apurge@ --- *
 *
 * Arena hook that forwards a purge request to @l_purge@, which releases the
 * free blocks and clears the locked buffer.
 */

static void apurge(arena *a)
{
  lmem *lm = (lmem *)a;
  l_purge(lm);
}
/* Operations table exposing the locked-memory manager as an mLib arena.
 * There is no native reallocation here, so the generic @arena_fakerealloc@
 * from mLib fills that slot. */

static const arena_ops l_ops = {
  aalloc,                               /* allocate via @l_alloc@ */
  arena_fakerealloc,                    /* mLib's generic realloc fallback */
  afree,                                /* release via @l_free@ */
  apurge                                /* purge via @l_purge@ */
};
81 /*----- Main code ---------------------------------------------------------*/
85 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
86 * @size_t sz@ = size of locked memory area requested
88 * Returns: Zero if everything is fine, @+1@ if some insecure memory was
89 * allocated, and @-1@ if everything went horribly wrong.
91 * Use: Initializes the locked memory manager. This function is safe
92 * to call in a privileged program; privileges should usually be
93 * dropped after allocating the locked memory block.
95 * You must call @sub_init@ before allocating locked memory
99 int l_init(lmem
*lm
, size_t sz
)
105 /* --- Preliminaries --- */
111 /* --- Try making a secure locked passphrase buffer --- *
113 * Drop privileges before emitting diagnostic messages.
118 /* --- Memory-map a page from somewhere --- */
121 p
= mmap(0, sz
, PROT_READ
| PROT_WRITE
, MAP_PRIVATE
| MAP_ANON
, -1, 0);
125 if ((fd
= open("/dev/zero", O_RDWR
)) >= 0) {
126 p
= mmap(0, sz
, PROT_READ
| PROT_WRITE
, MAP_PRIVATE
, fd
, 0);
132 /* --- Lock the page in memory --- *
134 * Why does @mmap@ return such a stupid result if it fails?
137 if (p
== 0 || p
== MAP_FAILED
) {
138 lm
->emsg
= "couldn't map locked memory area: %s";
141 } else if (mlock(p
, sz
)) {
142 lm
->emsg
= "error locking memory area: %s";
151 /* --- Make a standard passphrase buffer --- */
157 lm
->emsg
= "locked memory not available on this system";
160 if ((p
= malloc(sz
)) == 0) {
161 lm
->emsg
= "not enough standard memory!";
168 /* --- Initialize the buffer --- */
170 lm
->sz
= lm
->free
= sz
;
173 /* --- Initialize the free list --- */
187 /* --- @l_alloc@ --- *
189 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
190 * @size_t sz@ = size requested
192 * Returns: Pointer to allocated memory.
194 * Use: Allocates @sz@ bytes of locked memory.
197 void *l_alloc(lmem
*lm
, size_t sz
)
201 sz
= (sz
+ 3u) & ~3u;
202 for (l
= lm
->l
; l
; l
= l
->next
) {
209 l_node
*n
= CREATE(l_node
);
217 assert(((void)"Locked buffer space has vanished", lm
->free
>= sz
));
224 /* --- @l_free@ --- *
226 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
227 * @void *p@ = pointer to block
231 * Use: Releases a block of locked memory.
234 void l_free(lmem
*lm
, void *p
)
239 for (l
= lm
->l
; l
; l
= l
->next
) {
242 /* --- If this isn't the block, skip it --- */
248 assert(((void)"Block is already free", l
->f
& LF_ALLOC
));
250 /* --- Coalesce with adjacent free blocks --- */
256 if (ll
&& !(ll
->f
& LF_ALLOC
)) {
257 assert(((void)"Previous block doesn't fit", ll
->p
+ ll
->sz
== p
));
265 if (ll
&& !(ll
->f
& LF_ALLOC
)) {
266 assert(((void)"Next block doesn't fit", ll
->p
== l
->p
+ l
->sz
));
273 assert(((void)"Free lunch", lm
->free
<= lm
->sz
));
276 assert(((void)"Not a locked block", 0));
279 /* --- @l_purge@ --- *
281 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
285 * Use: Purges all the free blocks in the buffer, and clears all of
286 * the locked memory. Memory is not freed back to the system.
289 void l_purge(lmem
*lm
)
295 l_node
*ll
= l
->next
;
299 memset(lm
->p
, 0, lm
->sz
);
309 /* --- @l_destroy@ --- *
311 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
315 * Use: Disposes of a locked memory arena permanently.
318 void l_destroy(lmem
*lm
)
324 l_node
*ll
= l
->next
;
328 memset(lm
->p
, 0, lm
->sz
);
330 if (lm
->f
& LF_LOCKED
)
331 munmap(lm
->p
, lm
->sz
);
336 /* --- @l_report@ --- *
338 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
339 * @dstr *d@ = string to write the error message on
341 * Returns: Zero if the buffer is fine, @+1@ if there was a problem
342 * getting locked memory but insecure stuff could be allocated,
343 * and @-1@ if not even insecure memory could be found.
345 * Use: Returns a user-digestible explanation for the state of a
346 * locked memory buffer. If the return code is zero, no message
347 * is emitted to the string @d@.
350 int l_report(lmem
*lm
, dstr
*d
)
354 dstr_putf(d
, lm
->emsg
, strerror(lm
->err
));
364 /*----- That's all, folks -------------------------------------------------*/