From 359df77829d85c6a415220fb4f21d5331323c79f Mon Sep 17 00:00:00 2001
From: mdw
Date: Wed, 22 Dec 1999 16:02:52 +0000
Subject: [PATCH] Interface to allocating `locked' memory (which isn't paged out).
---
 lmem.c | 313 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 lmem.h | 160 +++++++++++++++++++++++++++++++++
 2 files changed, 473 insertions(+)
 create mode 100644 lmem.c
 create mode 100644 lmem.h
diff --git a/lmem.c b/lmem.c
new file mode 100644
index 0000000..e443aa6
--- /dev/null
+++ b/lmem.c
@@ -0,0 +1,313 @@
+/* -*-c-*-
+ *
+ * $Id: lmem.c,v 1.1 1999/12/22 16:02:52 mdw Exp $
+ *
+ * Locked memory allocation (Unix-specific)
+ *
+ * (c) 1999 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: lmem.c,v $
+ * Revision 1.1 1999/12/22 16:02:52 mdw
+ * Interface to allocating `locked' memory (which isn't paged out).
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#ifdef HAVE_MLOCK
+# include
+#endif
+
+#include
+#include
+
+#include "lmem.h"
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @l_init@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size of locked memory area requested
+ *
+ * Returns: Zero if everything is fine, @+1@ if some insecure memory was
+ * allocated, and @-1@ if everything went horribly wrong.
+ *
+ * Use: Initializes the locked memory manager. This function is safe
+ * to call in a privileged program; privileges should usually be
+ * dropped after allocating the locked memory block.
+ *
+ * You must call @sub_init@ before allocating locked memory
+ * buffers.
+ */
+
+int l_init(lmem *lm, size_t sz)
+{
+ char *p;
+ int rc = 0;
+ l_node *l;
+
+ /* --- Preliminaries --- */
+
+ lm->err = 0;
+
+ /* --- Try making a secure locked passphrase buffer --- *
+ *
+ * Drop privileges before emitting diagnostic messages.
+ */
+
+#ifdef HAVE_MLOCK
+
+ /* --- Memory-map a page from somewhere --- */
+
+# ifdef MAP_ANON
+ p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+# else
+ {
+ int fd;
+ if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+ p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ close(fd);
+ }
+ }
+# endif
+
+ /* --- Lock the page in memory --- *
+ *
+ * Why does @mmap@ return such a stupid result if it fails?
+ */
+
+ if (p == 0 || p == MAP_FAILED) {
+ lm->emsg = "couldn't map locked memory area: %s";
+ lm->err = errno;
+ p = 0;
+ } else if (mlock(p, sz)) {
+ lm->emsg = "error locking memory area: %s";
+ lm->err = errno;
+ munmap(p, sz);
+ p = 0;
+ }
+
+#endif
+
+ /* --- Make a standard passphrase buffer --- */
+
+#ifdef HAVE_MLOCK
+ if (!p)
+#else
+ ll->err = 0;
+ ll->emsg = "locked memory not available on this system";
+#endif
+ {
+ if ((p = malloc(sz)) == 0) {
+ lm->emsg = "not enough standard memory!";
+ lm->err = ENOMEM;
+ return (-1);
+ }
+ rc = +1;
+ }
+
+ /* --- Initialize the buffer --- */
+
+ lm->sz = lm->free = sz;
+ lm->p = p;
+
+ /* --- Initialize the free list --- */
+
+ l = CREATE(l_node);
+ l->next = 0;
+ l->p = p;
+ l->sz = sz;
+ l->f = 0;
+ lm->l = l;
+
+ /* --- Done --- */
+
+ return (rc);
+}
+
+/* --- @l_alloc@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size requested
+ *
+ * Returns: Pointer to allocated memory.
+ *
+ * Use: Allocates @sz@ bytes of locked memory.
+ */
+
+void *l_alloc(lmem *lm, size_t sz)
+{
+ l_node *l;
+
+ sz = (sz + 3u) & ~3u;
+ for (l = lm->l; l; l = l->next) {
+ if (l->f & LF_ALLOC)
+ continue;
+ if (l->sz < sz)
+ continue;
+ l->f |= LF_ALLOC;
+ if (l->sz > sz) {
+ l_node *n = CREATE(l_node);
+ n->next = l->next;
+ n->p = l->p + sz;
+ n->sz = l->sz - sz;
+ l->sz = sz;
+ n->f = 0;
+ l->next = n;
+ }
+ assert(((void)"Locked buffer space has vanished", lm->free >= sz));
+ lm->free -= sz;
+ return (l->p);
+ }
+ return (0);
+}
+
+/* --- @l_free@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @void *p@ = pointer to block
+ *
+ * Returns: ---
+ *
+ * Use: Releases a block of locked memory.
+ */
+
+void l_free(lmem *lm, void *p)
+{
+ l_node *l;
+ l_node *ll = 0;
+
+ for (l = lm->l; l; l = l->next) {
+ size_t sz;
+
+ /* --- If this isn't the block, skip it --- */
+
+ if (l->p != p) {
+ ll = l;
+ continue;
+ }
+ assert(((void)"Block is already free", l->f & LF_ALLOC));
+
+ /* --- Coalesce with adjacent free blocks --- */
+
+ l->f &= ~LF_ALLOC;
+ sz = l->sz;
+ memset(p, 0, sz);
+
+ if (ll && !(ll->f & LF_ALLOC)) {
+ assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
+ ll->sz += sz;
+ ll->next = l->next;
+ DESTROY(l);
+ l = ll;
+ }
+
+ ll = l->next;
+ if (ll && !(ll->f & LF_ALLOC)) {
+ assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
+ l->sz += ll->sz;
+ l->next = ll->next;
+ DESTROY(ll);
+ }
+
+ lm->free += sz;
+ assert(((void)"Free lunch", lm->free <= lm->sz));
+ return;
+ }
+ assert(((void)"Not a locked block", 0));
+}
+
+/* --- @l_purge@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ *
+ * Returns: ---
+ *
+ * Use: Purges all the free blocks in the buffer, and clears all of
+ * the locked memory. Memory is not freed back to the system.
+ */
+
+void l_purge(lmem *lm)
+{
+ l_node *l;
+
+ l = lm->l;
+ while (l) {
+ l_node *ll = l->next;
+ DESTROY(l);
+ l = ll;
+ }
+ memset(lm->p, 0, lm->sz);
+ l = CREATE(l_node);
+ l->next = 0;
+ l->p = lm->p;
+ l->sz = lm->sz;
+ l->f = 0;
+ lm->l = l;
+ lm->free = l->sz;
+}
+
+/* --- @l_report@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @dstr *d@ = string to write the error message on
+ *
+ * Returns: Zero if the buffer is fine, @+1@ if there was a problem
+ * getting locked memory but insecure stuff could be allocated,
+ * and @-1@ if not even insecure memory could be found.
+ *
+ * Use: Returns a user-digestable explanation for the state of a
+ * locked memory buffer. If the return code is zero, no message
+ * is emitted to the string @d@.
+ */
+
+int l_report(lmem *lm, dstr *d)
+{
+ int rc;
+ if (lm->err)
+ dstr_putf(d, lm->emsg, strerror(lm->err));
+ if (!lm->p)
+ rc = -1;
+ else if (lm->err)
+ rc = +1;
+ else
+ rc = 0;
+ return (rc);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
diff --git a/lmem.h b/lmem.h
new file mode 100644
index 0000000..8546dcf
--- /dev/null
+++ b/lmem.h
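Review bot: The `#else` arm of the fallback in l_init writes through `ll`, which is not declared in that function (the descriptor is `lm`), so the file does not compile on any system built without HAVE_MLOCK; the two lines should read `lm->err = 0;` and `lm->emsg = "locked memory not available on this system";`. In the `/dev/zero` arm `p` is assigned only when open() succeeds, yet `if (p == 0 || p == MAP_FAILED)` reads it unconditionally, so the declaration should be `char *p = 0;`. On the `return (-1)` path `lm->p` is never assigned while l_report later tests `!lm->p`, so `lm->p = 0;` belongs next to `lm->err = 0;` in the preliminaries rather than relying on the caller having zeroed the struct. In l_alloc the round-up `sz = (sz + 3u) & ~3u;` wraps to 0 for sizes within 3 of `(size_t)-1`, turning an impossible request into a successful zero-length block; `if (sz > (size_t)-1 - 3u) return (0);` before it closes that.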
@@ -0,0 +1,160 @@
+/* -*-c-*-
+ *
+ * $Id: lmem.h,v 1.1 1999/12/22 16:02:52 mdw Exp $
+ *
+ * Locked memory allocation
+ *
+ * (c) 1999 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: lmem.h,v $
+ * Revision 1.1 1999/12/22 16:02:52 mdw
+ * Interface to allocating `locked' memory (which isn't paged out).
+ *
+ */
+
+#ifndef CATACOMB_LMEM_H
+#define CATACOMB_LMEM_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include
+
+#include
+
+/*----- Data structures ---------------------------------------------------*/
+
+/* --- Block list --- *
+ *
+ * The block list is kept in normal memory, to avoid wasting precious locked
+ * memory. Entries are sorted into ascending address order to make
+ * coalescing free blocks easier. All blocks, free or not, are included in
+ * the list.
+ */
+
+typedef struct l_node {
+ struct l_node *next; /* Next free block in chain */
+ char *p; /* Pointer to the block */
+ size_t sz; /* Size of the block */
+ unsigned f; /* Various flags */
+} l_node;
+
+enum {
+ LF_ALLOC = 1
+};
+
+/* --- Locked memory buffer state --- */
+
+typedef struct lmem {
+ char *p; /* Pointer to locked buffer */
+ l_node *l; /* Pointer to block list */
+ size_t sz; /* Size of locked buffer */
+ size_t free; /* Size of free area */
+ int err; char *emsg; /* Error indicators */
+} lmem;
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @l_init@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size of locked memory area requested
+ *
+ * Returns: Zero if everything is fine, @+1@ if some insecure memory was
+ * allocated, and @-1@ if everything went horribly wrong.
+ *
+ * Use: Initializes the locked memory manager. This function is safe
+ * to call in a privileged program; privileges should usually be
+ * dropped after allocating the locked memory block.
+ *
+ * You must call @sub_init@ before allocating locked memory
+ * buffers.
+ */
+
+extern int l_init(lmem */*lm*/, size_t /*sz*/);
+
+/* --- @l_alloc@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size requested
+ *
+ * Returns: Pointer to allocated memory.
+ *
+ * Use: Allocates @sz@ bytes of locked memory.
+ */
+
+extern void *l_alloc(lmem */*lm*/, size_t /*sz*/);
+
+/* --- @l_free@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @void *p@ = pointer to block
+ *
+ * Returns: ---
+ *
+ * Use: Releases a block of locked memory.
+ */
+
+extern void l_free(lmem */*lm*/, void */*p*/);
+
+/* --- @l_purge@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ *
+ * Returns: ---
+ *
+ * Use: Purges all the free blocks in the buffer, and clears all of
+ * the locked memory. Memory is not freed back to the system.
+ */
+
+extern void l_purge(lmem */*lm*/);
+
+/* --- @l_report@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @dstr *d@ = string to write the error message on
+ *
+ * Returns: Zero if the buffer is fine, @+1@ if there was a problem
+ * getting locked memory but insecure stuff could be allocated,
+ * and @-1@ if not even insecure memory could be found.
+ *
+ * Use: Returns a user-digestable explanation for the state of a
+ * locked memory buffer. If the return code is zero, no message
+ * is emitted to the string @d@.
+ */
+
+extern int l_report(lmem */*lm*/, dstr */*d*/);
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif
--
2.11.0
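Review bot: `emsg` in struct lmem is declared `char *`, but lmem.c in this same patch only ever points it at string literals and l_report hands it to dstr_putf as a printf-style format with `strerror(lm->err)` as the single argument, so `const char *emsg;` states that contract and prevents anyone writing through it; the field comment could say so: `/* errno value and a format string with at most one %s (strerror text) */`. The comment on `l_node.next` reads `Next free block in chain`, yet the block-list comment just above says all blocks, free or not, are in the list, so `/* Next block in chain (free or not) */` is the accurate wording. The `#include` lines in this copy of the patch have lost their bracketed targets, so the header's own dependencies for `size_t` and `dstr` cannot be confirmed from the page.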