3 * $Id: lmem.c,v 1.3 2000/07/29 21:58:15 mdw Exp $
5 * Locked memory allocation (Unix-specific)
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.3 2000/07/29 21:58:15 mdw
34 * (l_destroy): New function for destroying locked memory blocks.
36 * Revision 1.2 2000/06/17 11:29:20 mdw
39 * Revision 1.1 1999/12/22 16:02:52 mdw
40 * Interface to allocating `locked' memory (which isn't paged out).
44 /*----- Header files ------------------------------------------------------*/
54 #include <sys/types.h>
58 # include <sys/mman.h>
61 #include <mLib/arena.h>
62 #include <mLib/dstr.h>
67 /*----- Arena operations --------------------------------------------------*/
/* --- @aalloc@ --- *
 *
 * Arena adaptor for @l_alloc@.  The @arena *@ handed in by mLib is cast
 * straight to @lmem *@, which only works if the @arena@ header sits at
 * the very start of the @lmem@ structure (declared in the header, not
 * visible here -- TODO confirm).
 */
static void *aalloc(arena *a, size_t sz)
{
  lmem *lm = (lmem *)a;
  return (l_alloc(lm, sz));
}
/* --- @afree@ --- *
 *
 * Arena adaptor for @l_free@.  Relies on the @arena@ header being the
 * first member of @lmem@ so the pointer cast is valid (struct layout is
 * in the header, not visible here -- TODO confirm).
 */
static void afree(arena *a, void *p)
{
  lmem *lm = (lmem *)a;
  l_free(lm, p);
}
/* --- @apurge@ --- *
 *
 * Arena adaptor for @l_purge@.  Same pointer-cast assumption as the
 * other adaptors: the @arena@ header must be at offset zero of @lmem@
 * (TODO confirm against the header).
 */
static void apurge(arena *a)
{
  lmem *lm = (lmem *)a;
  l_purge(lm);
}
/* --- Arena operation table --- *
 *
 * Lets an @lmem@ be used wherever mLib expects an @arena@.  Locked memory
 * has no native realloc, so mLib's @arena_fakerealloc@ stands in for it
 * (presumably allocate-copy-free through the other three entries --
 * check mLib before resizing a block that holds a secret, because the
 * abandoned copy is then only scrubbed to the extent @l_free@/@l_purge@
 * provide).
 */
static arena_ops l_ops = {
  aalloc,                               /* alloc */
  arena_fakerealloc,                    /* realloc */
  afree,                                /* free */
  apurge                                /* purge */
};
75 /*----- Main code ---------------------------------------------------------*/
79 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
80 * @size_t sz@ = size of locked memory area requested
 * Returns: Zero if a locked buffer was obtained, @+1@ if locking failed
 * and an ordinary (unlocked, swappable) buffer was allocated
 * instead, and @-1@ if not even ordinary memory could be found.
85 * Use: Initializes the locked memory manager. This function is safe
86 * to call in a privileged program; privileges should usually be
87 * dropped after allocating the locked memory block.
89 * You must call @sub_init@ before allocating locked memory
int l_init(lmem *lm, size_t sz)
/* --- Preliminaries --- */
/* --- Try making a secure locked passphrase buffer --- *
 * Drop privileges before emitting diagnostic messages.
 *
 * NOTE(review): that is why nothing in this function prints.  Failures
 * only record @lm->emsg@ (and, judging by @l_report@, @lm->err@); the
 * caller formats them via @l_report@ after dropping privileges.  Keep
 * it that way -- no output, no further privileged work, below here.
 */
/* --- Memory-map a page from somewhere --- */
/* Anonymous private mapping: zero-filled and never file-backed. */
p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
/* Fallback for systems without MAP_ANON: a private mapping of /dev/zero
 * is equivalent.  The mapping outlives the descriptor, so @fd@ should be
 * closed straight after the @mmap@ -- the close is not visible in this
 * excerpt; confirm it is there.
 */
if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
/* --- Lock the page in memory --- *
 * Why does @mmap@ return such a stupid result if it fails?
 *
 * NOTE(review): @mlock@ only keeps the pages out of swap.  It does not
 * keep them out of core dumps, ptrace, or suspend-to-disk images; a
 * program keeping secrets here should also disable core dumps
 * (RLIMIT_CORE = 0) and, where the platform offers it, mark the range
 * MADV_DONTDUMP.  Unprivileged processes are bounded by RLIMIT_MEMLOCK,
 * which is why the header comment suggests locking while still
 * privileged and dropping privileges afterwards.
 */
if (p == 0 || p == MAP_FAILED) {
lm->emsg = "couldn't map locked memory area: %s";
} else if (mlock(p, sz)) {
lm->emsg = "error locking memory area: %s";
/* --- Make a standard passphrase buffer --- */
/* NOTE(review): `ll` here looks like a typo for `lm` -- presumably this
 * line is only compiled on systems lacking mmap/mlock, so the slip would
 * go unnoticed on most builds.  Verify against the header and the
 * surrounding #if.
 */
ll->emsg = "locked memory not available on this system";
/* Unlocked fallback (return code +1): ordinary heap memory that the OS
 * may page out.  Callers should consult @l_report@ and decide whether an
 * unlocked buffer is acceptable for the secret they intend to store.
 */
if ((p = malloc(sz)) == 0) {
lm->emsg = "not enough standard memory!";
/* --- Initialize the buffer --- */
/* One free run covering the whole buffer; @free@ is the running total
 * of unallocated bytes that @l_alloc@/@l_free@ maintain.
 */
lm->sz = lm->free = sz;
/* --- Initialize the free list --- */
181 /* --- @l_alloc@ --- *
183 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
184 * @size_t sz@ = size requested
186 * Returns: Pointer to allocated memory.
188 * Use: Allocates @sz@ bytes of locked memory.
void *l_alloc(lmem *lm, size_t sz)
/* Round the request up to a multiple of four bytes.
 *
 * NOTE(review): (a) `~3u` is an @unsigned int@; on LP64 targets it
 * converts to @size_t@ as 0x00000000FFFFFFFC, so the mask truncates any
 * request of 4 GiB or more -- harmless for a small passphrase arena, but
 * `~(size_t)3` is the correct spelling.  (b) The add wraps for
 * sz > SIZE_MAX - 3, turning a huge request into a tiny one; a guard
 * such as `if (sz > lm->sz) return 0;` before rounding would be cheap.
 * (c) 4-byte alignment is less than @malloc@ guarantees, so 8-byte
 * types stored in a locked block may be misaligned on some targets.
 */
sz = (sz + 3u) & ~3u;
for (l = lm->l; l; l = l->next) {
/* Bookkeeping nodes come from @CREATE@, i.e. ordinary unlocked heap
 * memory.  They presumably carry only pointer/size/flag metadata and
 * never the secret bytes themselves -- confirm against the @l_node@
 * definition in the header.
 */
l_node *n = CREATE(l_node);
/* NOTE(review): this is an internal-consistency check, not input
 * validation -- under NDEBUG it vanishes and @lm->free@ would silently
 * wrap instead of failing.
 */
assert(((void)"Locked buffer space has vanished", lm->free >= sz));
218 /* --- @l_free@ --- *
220 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
221 * @void *p@ = pointer to block
225 * Use: Releases a block of locked memory.
void l_free(lmem *lm, void *p)
/* Linear search for the block that owns @p@; the arena is small, so
 * this is fine.
 */
for (l = lm->l; l; l = l->next) {
/* --- If this isn't the block, skip it --- */
/* NOTE(review): a double free of a locked block is caught only by this
 * assert, i.e. not at all under NDEBUG.  It would not corrupt the C
 * heap (the list nodes live separately), but it would double-count
 * @lm->free@ and could hand a live block out again.
 */
assert(((void)"Block is already free", l->f & LF_ALLOC));
/* --- Coalesce with adjacent free blocks --- */
/* Merge with the previous run if it is free; the list is kept in
 * address order, which the assert below checks.
 */
if (ll && !(ll->f & LF_ALLOC)) {
assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
/* Likewise merge with the following run if it is free. */
if (ll && !(ll->f & LF_ALLOC)) {
assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
/* Whether the released bytes are zeroed here is not visible in this
 * excerpt; @l_purge@ is the documented way to scrub free space.
 */
assert(((void)"Free lunch", lm->free <= lm->sz));
/* Falling out of the loop means @p@ was never handed out by this arena.
 * NOTE(review): under NDEBUG this is a silent no-op -- a foreign pointer
 * is neither freed nor diagnosed.
 */
assert(((void)"Not a locked block", 0));
273 /* --- @l_purge@ --- *
275 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
279 * Use: Purges all the free blocks in the buffer, and clears all of
280 * the locked memory. Memory is not freed back to the system.
void l_purge(lmem *lm)
/* Walk the block list, saving @next@ before each node is torn down. */
l_node *ll = l->next;
/* Scrub the whole buffer, live blocks included: every pointer previously
 * returned by @l_alloc@ on this arena is invalid after this call.  The
 * buffer itself stays mapped and locked so later allocations reuse it.
 * NOTE(review): because the region is used again afterwards the
 * compiler cannot treat this store as dead, unlike the matching
 * @memset@ in @l_destroy@.
 */
memset(lm->p, 0, lm->sz);
303 /* --- @l_destroy@ --- *
305 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
309 * Use: Disposes of a locked memory arena permanently.
void l_destroy(lmem *lm)
/* Tear down the block list, saving @next@ before each node goes. */
l_node *ll = l->next;
/* NOTE(review): a @memset@ immediately followed by releasing the memory
 * is exactly the pattern dead-store elimination removes, since the bytes
 * are provably never read again.  @munmap@ is an opaque system call, so
 * the scrub before it survives; the unlocked fallback presumably ends in
 * @free()@, where the scrub may be silently dropped.  Prefer
 * @explicit_bzero@/@memset_s@, or a @volatile@-pointer loop, where
 * available.
 */
memset(lm->p, 0, lm->sz);
/* Locked arenas were @mmap@ped by @l_init@; @munmap@ also drops the
 * @mlock@ on the range.  The unlocked fallback came from @malloc@ and is
 * released on the branch not shown in this excerpt.
 */
if (lm->f & LF_LOCKED)
munmap(lm->p, lm->sz);
330 /* --- @l_report@ --- *
332 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
333 * @dstr *d@ = string to write the error message on
335 * Returns: Zero if the buffer is fine, @+1@ if there was a problem
336 * getting locked memory but insecure stuff could be allocated,
337 * and @-1@ if not even insecure memory could be found.
339 * Use: Returns a user-digestable explanation for the state of a
340 * locked memory buffer. If the return code is zero, no message
341 * is emitted to the string @d@.
int l_report(lmem *lm, dstr *d)
/* @emsg@ is used as a printf-style format: it must always be one of the
 * string literals assigned in @l_init@, each containing at most a single
 * @%s@ that consumes @strerror(lm->err)@ (a literal with no directive
 * simply ignores the extra argument).  Never route user- or
 * environment-controlled text through @emsg@.  This is the deferred
 * diagnostic for @l_init@, intended to run after privileges are dropped.
 * @strerror@ is not thread-safe on older libcs.
 */
dstr_putf(d, lm->emsg, strerror(lm->err));
358 /*----- That's all, folks -------------------------------------------------*/