1 /* -*-c-*-
2 *
3 * $Id: lmem.c,v 1.4 2002/01/24 22:26:11 mdw Exp $
4 *
5 * Locked memory allocation (Unix-specific)
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: lmem.c,v $
33 * Revision 1.4 2002/01/24 22:26:11 mdw
34 * Fix build failure when @mlock@ not available.
35 *
36 * Revision 1.3 2000/07/29 21:58:15 mdw
37 * (l_destroy): New function for destroying locked memory blocks.
38 *
39 * Revision 1.2 2000/06/17 11:29:20 mdw
40 * Add arena support.
41 *
42 * Revision 1.1 1999/12/22 16:02:52 mdw
43 * Interface to allocating `locked' memory (which isn't paged out).
44 *
45 */
46
47 /*----- Header files ------------------------------------------------------*/
48
#include "config.h"

#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

#ifdef HAVE_MLOCK
# include <sys/mman.h>
#endif

#include <mLib/arena.h>
#include <mLib/dstr.h>
#include <mLib/sub.h>

#include "lmem.h"
69
70 /*----- Arena operations --------------------------------------------------*/
71
/* Arena hook: hand an allocation request to the locked-memory allocator
 * which owns this arena.  (The cast relies on @a@ being the first member of
 * @lmem@.) */
static void *aalloc(arena *a, size_t sz)
{
  lmem *lm = (lmem *)a;
  return (l_alloc(lm, sz));
}
/* Arena hook: release a block back to the owning locked-memory allocator.
 * (The cast relies on @a@ being the first member of @lmem@.) */
static void afree(arena *a, void *p)
{
  lmem *lm = (lmem *)a;
  l_free(lm, p);
}
/* Arena hook: purge the owning locked-memory allocator.  (The cast relies on
 * @a@ being the first member of @lmem@.) */
static void apurge(arena *a)
{
  lmem *lm = (lmem *)a;
  l_purge(lm);
}
75
/* Arena operations table installed by @l_init@.  Allocation, freeing and
 * purging go through the wrappers above; there is no native realloc in this
 * allocator, so the generic @arena_fakerealloc@ (presumably from
 * <mLib/arena.h>) stands in for it. */
static arena_ops l_ops = {
  aalloc,
  arena_fakerealloc,
  afree,
  apurge
};
77
78 /*----- Main code ---------------------------------------------------------*/
79
/* --- @l_init@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *              @size_t sz@ = size of locked memory area requested
 *
 * Returns:     Zero if everything is fine, @+1@ if some insecure memory was
 *              allocated, and @-1@ if everything went horribly wrong.
 *
 * Use:         Initializes the locked memory manager.  This function is safe
 *              to call in a privileged program; privileges should usually be
 *              dropped after allocating the locked memory block.
 *
 *              You must call @sub_init@ before allocating locked memory
 *              buffers.
 */
95
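int l_init(lmem *lm, size_t sz)
{
  char *p = 0;
  int rc = 0;
  l_node *l;

  /* --- Preliminaries --- *
   *
   * Put the descriptor into a state which @l_report@ and @l_destroy@ can
   * cope with even if we bail out below: no buffer, no free list, no error.
   * (Previously a failed @malloc@ returned @-1@ with @lm->p@ never written,
   * so @l_report@ then read an indeterminate pointer.)
   */

  lm->a.ops = &l_ops;
  lm->err = 0;
  lm->emsg = 0;
  lm->f = 0;
  lm->p = 0;
  lm->l = 0;
  lm->sz = lm->free = 0;

  /* --- Try making a secure locked passphrase buffer --- *
   *
   * Locked pages aren't swapped out, which is the whole point.  Note that
   * the lock is not inherited by a child across @fork@, and @mlock@ on its
   * own does nothing about core dumps.  Drop privileges before emitting
   * diagnostic messages.
   */

#ifdef HAVE_MLOCK

  /* --- Memory-map a page from somewhere --- */

# ifdef MAP_ANON
  p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
# else
  {
    int fd = open("/dev/zero", O_RDWR);
    if (fd < 0)
      p = MAP_FAILED;                  /* report @open@'s @errno@ below */
    else {
      int e;
      p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
      e = errno;
      close(fd);                       /* the mapping outlives the descriptor */
      errno = e;                       /* don't let @close@ clobber the cause */
    }
  }
# endif

  /* --- Lock the page in memory --- */

  if (!p || p == MAP_FAILED) {
    lm->emsg = "couldn't map locked memory area: %s";
    lm->err = errno;
    p = 0;
  } else if (mlock(p, sz)) {
    lm->emsg = "error locking memory area: %s";
    lm->err = errno;
    munmap(p, sz);
    p = 0;
  } else
    lm->f |= LF_LOCKED;

#endif

  /* --- Make a standard passphrase buffer --- *
   *
   * Fall back to ordinary heap memory, remembering (via @rc@ and the message
   * left in @emsg@) that it isn't locked.
   */

#ifdef HAVE_MLOCK
  if (!p)
#else
  lm->err = 0;
  lm->emsg = "locked memory not available on this system";
#endif
  {
    if ((p = malloc(sz)) == 0) {
      lm->emsg = "not enough standard memory!";
      lm->err = ENOMEM;
      return (-1);
    }
    rc = +1;
  }

  /* --- Initialize the buffer --- */

  lm->sz = lm->free = sz;
  lm->p = p;

  /* --- Initialize the free list: one free node spanning the buffer --- */

  l = CREATE(l_node);
  l->next = 0;
  l->p = p;
  l->sz = sz;
  l->f = 0;
  lm->l = l;

  /* --- Done --- */

  return (rc);
}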
183
/* --- @l_alloc@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *              @size_t sz@ = size requested
 *
 * Returns:     Pointer to allocated memory, or null if no free block is
 *              large enough.
 *
 * Use:         Allocates @sz@ bytes of locked memory.
 */
193
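void *l_alloc(lmem *lm, size_t sz)
{
  const size_t align = 4;              /* granule blocks are rounded up to */
  l_node *l;

  /* --- Round the request up to a whole granule --- *
   *
   * Do the arithmetic entirely in @size_t@: the old @(sz + 3u) & ~3u@ mask
   * was an @unsigned int@, so on LP64 hosts it silently cleared the high
   * bits of large requests and could hand back a tiny block for a huge
   * request.  Refuse a request which would wrap, and give a zero-sized
   * request a whole granule so its address doesn't alias the next block's.
   */

  if (sz > (size_t)-1 - (align - 1))
    return (0);
  sz = (sz + (align - 1)) & ~(align - 1);
  if (!sz)
    sz = align;

  /* --- First-fit search of the free list --- *
   *
   * Blocks are scrubbed when freed (@l_free@), not when allocated; the
   * initial contents of a @malloc@-backed fallback buffer are whatever
   * @malloc@ left there.
   */

  for (l = lm->l; l; l = l->next) {
    if ((l->f & LF_ALLOC) || l->sz < sz)
      continue;
    l->f |= LF_ALLOC;
    if (l->sz > sz) {
      /* Split the surplus off into a fresh free node after this one. */
      l_node *n = CREATE(l_node);
      n->next = l->next;
      n->p = l->p + sz;
      n->sz = l->sz - sz;
      n->f = 0;
      l->sz = sz;
      l->next = n;
    }
    assert(((void)"Locked buffer space has vanished", lm->free >= sz));
    lm->free -= sz;
    return (l->p);
  }
  return (0);
}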
220
/* --- @l_free@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *              @void *p@ = pointer to block
 *
 * Returns:     ---
 *
 * Use:         Releases a block of locked memory.
 */
230
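void l_free(lmem *lm, void *p)
{
  l_node *prev = 0;
  l_node *l;

  /* Mirror @free@: releasing a null pointer is a no-op rather than an
   * assertion failure (or, with @NDEBUG@, a silent scan to the end). */
  if (!p)
    return;

  for (l = lm->l; l; prev = l, l = l->next) {
    l_node *next;
    size_t sz;

    /* --- If this isn't the block, skip it --- */

    if (l->p != p)
      continue;
    assert(((void)"Block is already free", l->f & LF_ALLOC));

    /* --- Scrub the block and mark it free --- *
     *
     * The buffer stays mapped and reachable through @lm@ after this call,
     * so (unlike a wipe immediately before @free@ or @munmap@) this store
     * remains observable; the scrub before the buffer is handed back to the
     * system lives in @l_destroy@.
     */

    l->f &= ~LF_ALLOC;
    sz = l->sz;
    memset(p, 0, sz);

    /* --- Coalesce with the previous block if it's free --- */

    if (prev && !(prev->f & LF_ALLOC)) {
      assert(((void)"Previous block doesn't fit", prev->p + prev->sz == p));
      prev->sz += sz;
      prev->next = l->next;
      DESTROY(l);
      l = prev;
    }

    /* --- Coalesce with the following block if it's free --- */

    next = l->next;
    if (next && !(next->f & LF_ALLOC)) {
      assert(((void)"Next block doesn't fit", next->p == l->p + l->sz));
      l->sz += next->sz;
      l->next = next->next;
      DESTROY(next);
    }

    lm->free += sz;
    assert(((void)"Free lunch", lm->free <= lm->sz));
    return;
  }
  assert(((void)"Not a locked block", 0));
}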
275
/* --- @l_purge@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *
 * Returns:     ---
 *
 * Use:         Purges all the blocks in the buffer, and clears all of the
 *              locked memory.  Memory is not freed back to the system.
 */
285
void l_purge(lmem *lm)
{
  l_node *l, *next, *fresh;

  /* Tear down every node on the list, allocated or not. */
  for (l = lm->l; l; l = next) {
    next = l->next;
    DESTROY(l);
  }

  /* Scrub the whole buffer; it stays mapped (and locked) for reuse. */
  memset(lm->p, 0, lm->sz);

  /* Rebuild the free list as a single free node spanning the buffer. */
  fresh = CREATE(l_node);
  fresh->next = 0;
  fresh->p = lm->p;
  fresh->sz = lm->sz;
  fresh->f = 0;
  lm->l = fresh;
  lm->free = lm->sz;
}
305
/* --- @l_destroy@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *
 * Returns:     ---
 *
 * Use:         Disposes of a locked memory arena permanently.
 */
314
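void l_destroy(lmem *lm)
{
  l_node *l, *next;

  /* --- Tear down the block list --- */

  for (l = lm->l; l; l = next) {
    next = l->next;
    DESTROY(l);
  }
  lm->l = 0;

  /* --- Scrub and release the buffer --- *
   *
   * @lm->p@ is null if @l_init@ never got a buffer, so skip the wipe then.
   * Immediately before the memory is given back, a plain @memset@ is a dead
   * store which the optimizer is entitled to drop, so write through a
   * @volatile@ pointer instead.  (@memset_explicit@/@explicit_bzero@ would
   * do the job, but aren't available on everything this file targets.)
   */

  if (lm->p) {
    volatile unsigned char *q = (volatile unsigned char *)lm->p;
    size_t n = lm->sz;
    while (n--)
      *q++ = 0;

#ifdef HAVE_MLOCK
    if (lm->f & LF_LOCKED)
      munmap(lm->p, lm->sz);           /* @munmap@ also drops the lock */
    else
      free(lm->p);
#else
    free(lm->p);
#endif
  }

  /* --- Leave the descriptor inert --- *
   *
   * A stray later call then sees an empty arena rather than touching memory
   * which has already been released.
   */

  lm->p = 0;
  lm->sz = lm->free = 0;
  lm->f &= ~LF_LOCKED;
}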
332
/* --- @l_report@ --- *
 *
 * Arguments:   @lmem *lm@ = pointer to locked memory descriptor
 *              @dstr *d@ = string to write the error message on
 *
 * Returns:     Zero if the buffer is fine, @+1@ if there was a problem
 *              getting locked memory but insecure stuff could be allocated,
 *              and @-1@ if not even insecure memory could be found.
 *
 * Use:         Returns a user-digestible explanation for the state of a
 *              locked memory buffer.  If the return code is zero, no message
 *              is emitted to the string @d@.
 */
346
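int l_report(lmem *lm, dstr *d)
{
  int rc;

  /* --- Classify the buffer --- *
   *
   * Agree with what @l_init@ returned: a buffer which never got locked is
   * "insecure but usable" (@+1@) whether or not a system error code was
   * recorded.  In the @HAVE_MLOCK@-less build @l_init@ leaves @err@ at zero
   * with an explanatory @emsg@, which the old @err@-only test both
   * misreported as fine and never printed.
   */

  if (!lm->p)
    rc = -1;
  else if (lm->err || !(lm->f & LF_LOCKED))
    rc = +1;
  else
    rc = 0;

  /* --- Emit the explanation --- *
   *
   * @emsg@ is always one of this module's own string literals, never caller
   * or user data, so using it as the format is safe.  When @err@ is zero the
   * message carries no conversion and the @strerror@ argument is ignored.
   */

  if (rc && lm->emsg)
    dstr_putf(d, lm->emsg, strerror(lm->err));
  return (rc);
}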
360
361 /*----- That's all, folks -------------------------------------------------*/