--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: lmem.c,v 1.1 1999/12/22 16:02:52 mdw Exp $
+ *
+ * Locked memory allocation (Unix-specific)
+ *
+ * (c) 1999 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: lmem.c,v $
+ * Revision 1.1 1999/12/22 16:02:52 mdw
+ * Interface to allocating `locked' memory (which isn't paged out).
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef HAVE_MLOCK
+# include <sys/mman.h>
+#endif
+
+#include <mLib/dstr.h>
+#include <mLib/sub.h>
+
+#include "lmem.h"
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @l_init@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size of locked memory area requested
+ *
+ * Returns: Zero if everything is fine, @+1@ if some insecure memory was
+ * allocated, and @-1@ if everything went horribly wrong.
+ *
+ * Use: Initializes the locked memory manager. This function is safe
+ * to call in a privileged program; privileges should usually be
+ * dropped after allocating the locked memory block.
+ *
+ * You must call @sub_init@ before allocating locked memory
+ * buffers.
+ */
+
+int l_init(lmem *lm, size_t sz)
+{
+ char *p;
+ int rc = 0;
+ l_node *l;
+
+ /* --- Preliminaries --- */
+
+ lm->err = 0;
+
+ /* --- Try making a secure locked passphrase buffer --- *
+ *
+ * Drop privileges before emitting diagnostic messages.
+ */
+
+#ifdef HAVE_MLOCK
+
+ /* --- Memory-map a page from somewhere --- */
+
+# ifdef MAP_ANON
+ p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+# else
+ {
+ int fd;
+ if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+ p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ close(fd);
+ }
+ }
+# endif
+
+ /* --- Lock the page in memory --- *
+ *
+ * Why does @mmap@ return such a stupid result if it fails?
+ */
+
+ if (p == 0 || p == MAP_FAILED) {
+ lm->emsg = "couldn't map locked memory area: %s";
+ lm->err = errno;
+ p = 0;
+ } else if (mlock(p, sz)) {
+ lm->emsg = "error locking memory area: %s";
+ lm->err = errno;
+ munmap(p, sz);
+ p = 0;
+ }
+
+#endif
+
+ /* --- Make a standard passphrase buffer --- */
+
+#ifdef HAVE_MLOCK
+ if (!p)
+#else
+ ll->err = 0;
+ ll->emsg = "locked memory not available on this system";
+#endif
+ {
+ if ((p = malloc(sz)) == 0) {
+ lm->emsg = "not enough standard memory!";
+ lm->err = ENOMEM;
+ return (-1);
+ }
+ rc = +1;
+ }
+
+ /* --- Initialize the buffer --- */
+
+ lm->sz = lm->free = sz;
+ lm->p = p;
+
+ /* --- Initialize the free list --- */
+
+ l = CREATE(l_node);
+ l->next = 0;
+ l->p = p;
+ l->sz = sz;
+ l->f = 0;
+ lm->l = l;
+
+ /* --- Done --- */
+
+ return (rc);
+}
+
+/* --- @l_alloc@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size requested
+ *
+ * Returns: Pointer to allocated memory.
+ *
+ * Use: Allocates @sz@ bytes of locked memory.
+ */
+
+void *l_alloc(lmem *lm, size_t sz)
+{
+ l_node *l;
+
+ sz = (sz + 3u) & ~3u;
+ for (l = lm->l; l; l = l->next) {
+ if (l->f & LF_ALLOC)
+ continue;
+ if (l->sz < sz)
+ continue;
+ l->f |= LF_ALLOC;
+ if (l->sz > sz) {
+ l_node *n = CREATE(l_node);
+ n->next = l->next;
+ n->p = l->p + sz;
+ n->sz = l->sz - sz;
+ l->sz = sz;
+ n->f = 0;
+ l->next = n;
+ }
+ assert(((void)"Locked buffer space has vanished", lm->free >= sz));
+ lm->free -= sz;
+ return (l->p);
+ }
+ return (0);
+}
+
+/* --- @l_free@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @void *p@ = pointer to block
+ *
+ * Returns: ---
+ *
+ * Use: Releases a block of locked memory.
+ */
+
+void l_free(lmem *lm, void *p)
+{
+ l_node *l;
+ l_node *ll = 0;
+
+ for (l = lm->l; l; l = l->next) {
+ size_t sz;
+
+ /* --- If this isn't the block, skip it --- */
+
+ if (l->p != p) {
+ ll = l;
+ continue;
+ }
+ assert(((void)"Block is already free", l->f & LF_ALLOC));
+
+ /* --- Coalesce with adjacent free blocks --- */
+
+ l->f &= ~LF_ALLOC;
+ sz = l->sz;
+ memset(p, 0, sz);
+
+ if (ll && !(ll->f & LF_ALLOC)) {
+ assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
+ ll->sz += sz;
+ ll->next = l->next;
+ DESTROY(l);
+ l = ll;
+ }
+
+ ll = l->next;
+ if (ll && !(ll->f & LF_ALLOC)) {
+ assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
+ l->sz += ll->sz;
+ l->next = ll->next;
+ DESTROY(ll);
+ }
+
+ lm->free += sz;
+ assert(((void)"Free lunch", lm->free <= lm->sz));
+ return;
+ }
+ assert(((void)"Not a locked block", 0));
+}
+
+/* --- @l_purge@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ *
+ * Returns: ---
+ *
+ * Use: Purges all the free blocks in the buffer, and clears all of
+ * the locked memory. Memory is not freed back to the system.
+ */
+
+void l_purge(lmem *lm)
+{
+ l_node *l;
+
+ l = lm->l;
+ while (l) {
+ l_node *ll = l->next;
+ DESTROY(l);
+ l = ll;
+ }
+ memset(lm->p, 0, lm->sz);
+ l = CREATE(l_node);
+ l->next = 0;
+ l->p = lm->p;
+ l->sz = lm->sz;
+ l->f = 0;
+ lm->l = l;
+ lm->free = l->sz;
+}
+
+/* --- @l_report@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @dstr *d@ = string to write the error message on
+ *
+ * Returns: Zero if the buffer is fine, @+1@ if there was a problem
+ * getting locked memory but insecure stuff could be allocated,
+ * and @-1@ if not even insecure memory could be found.
+ *
+ * Use: Returns a user-digestable explanation for the state of a
+ * locked memory buffer. If the return code is zero, no message
+ * is emitted to the string @d@.
+ */
+
+int l_report(lmem *lm, dstr *d)
+{
+ int rc;
+ if (lm->err)
+ dstr_putf(d, lm->emsg, strerror(lm->err));
+ if (!lm->p)
+ rc = -1;
+ else if (lm->err)
+ rc = +1;
+ else
+ rc = 0;
+ return (rc);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
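Review bot: The `#else` branch of `l_init` (the non-HAVE_MLOCK path, just before the malloc fallback) writes through `ll`, which is not declared in that function, so the build without mlock fails to compile; it should read `lm->err = 0;` and `lm->emsg = "locked memory not available on this system";`. In the `/dev/zero` branch `p` is never assigned when `open` fails and is then compared against `MAP_FAILED`, and `O_RDWR` is used without `<fcntl.h>` in the include list; declaring `char *p = 0;` at the top of `l_init` and adding the header covers both. Because `l_report` only returns `+1` when `lm->err` is non-zero, the no-mlock fallback (which sets `err = 0`) would report the unlocked buffer as fine even though `l_init` returned `+1` for it — either document that or have `l_report` test a separate "insecure" flag rather than `err`. `l_free`'s double-free and unknown-pointer checks are plain `assert`s, so with NDEBUG a bad `p` silently re-adds `sz` to `lm->free` instead of failing; a comment noting that the checks are debug-only, or an explicit `return` on the not-found path, would make that visible.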
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: lmem.h,v 1.1 1999/12/22 16:02:52 mdw Exp $
+ *
+ * Locked memory allocation
+ *
+ * (c) 1999 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: lmem.h,v $
+ * Revision 1.1 1999/12/22 16:02:52 mdw
+ * Interface to allocating `locked' memory (which isn't paged out).
+ *
+ */
+
+#ifndef CATACOMB_LMEM_H
+#define CATACOMB_LMEM_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <stddef.h>
+
+#include <mLib/dstr.h>
+
+/*----- Data structures ---------------------------------------------------*/
+
+/* --- Block list --- *
+ *
+ * The block list is kept in normal memory, to avoid wasting precious locked
+ * memory. Entries are sorted into ascending address order to make
+ * coalescing free blocks easier. All blocks, free or not, are included in
+ * the list.
+ */
+
+typedef struct l_node {
+ struct l_node *next; /* Next free block in chain */
+ char *p; /* Pointer to the block */
+ size_t sz; /* Size of the block */
+ unsigned f; /* Various flags */
+} l_node;
+
+enum {
+ LF_ALLOC = 1
+};
+
+/* --- Locked memory buffer state --- */
+
+typedef struct lmem {
+ char *p; /* Pointer to locked buffer */
+ l_node *l; /* Pointer to block list */
+ size_t sz; /* Size of locked buffer */
+ size_t free; /* Size of free area */
+ int err; char *emsg; /* Error indicators */
+} lmem;
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @l_init@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size of locked memory area requested
+ *
+ * Returns: Zero if everything is fine, @+1@ if some insecure memory was
+ * allocated, and @-1@ if everything went horribly wrong.
+ *
+ * Use: Initializes the locked memory manager. This function is safe
+ * to call in a privileged program; privileges should usually be
+ * dropped after allocating the locked memory block.
+ *
+ * You must call @sub_init@ before allocating locked memory
+ * buffers.
+ */
+
+extern int l_init(lmem */*lm*/, size_t /*sz*/);
+
+/* --- @l_alloc@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @size_t sz@ = size requested
+ *
+ * Returns: Pointer to allocated memory.
+ *
+ * Use: Allocates @sz@ bytes of locked memory.
+ */
+
+extern void *l_alloc(lmem */*lm*/, size_t /*sz*/);
+
+/* --- @l_free@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @void *p@ = pointer to block
+ *
+ * Returns: ---
+ *
+ * Use: Releases a block of locked memory.
+ */
+
+extern void l_free(lmem */*lm*/, void */*p*/);
+
+/* --- @l_purge@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ *
+ * Returns: ---
+ *
+ * Use: Purges all the free blocks in the buffer, and clears all of
+ * the locked memory. Memory is not freed back to the system.
+ */
+
+extern void l_purge(lmem */*lm*/);
+
+/* --- @l_report@ --- *
+ *
+ * Arguments: @lmem *lm@ = pointer to locked memory descriptor
+ * @dstr *d@ = string to write the error message on
+ *
+ * Returns: Zero if the buffer is fine, @+1@ if there was a problem
+ * getting locked memory but insecure stuff could be allocated,
+ * and @-1@ if not even insecure memory could be found.
+ *
+ * Use: Returns a user-digestable explanation for the state of a
+ * locked memory buffer. If the return code is zero, no message
+ * is emitted to the string @d@.
+ */
+
+extern int l_report(lmem */*lm*/, dstr */*d*/);
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif
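Review bot: The field comment on `l_node.next` says `/* Next free block in chain */`, but the block-list comment a few lines above states that all blocks, allocated or free, are kept in the list; `/* Next block in chain (free or allocated) */` matches the implementation. `emsg` is declared `char *` although `l_init` in lmem.c only ever stores string literals in it, so `const char *emsg;` would be the accurate type. The `l_alloc` contract says only "Pointer to allocated memory"; since the implementation returns `0` when no free block is large enough, the Returns line should say `Pointer to allocated memory, or null if no free block is large enough`, and `l_free` should state that `p` must be a pointer previously returned by `l_alloc` on the same `lm`.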