3 * $Id: lmem.c,v 1.2 2000/06/17 11:29:20 mdw Exp $
5 * Locked memory allocation (Unix-specific)
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.2 2000/06/17 11:29:20 mdw
36 * Revision 1.1 1999/12/22 16:02:52 mdw
37 * Interface to allocating `locked' memory (which isn't paged out).
41 /*----- Header files ------------------------------------------------------*/
51 #include <sys/types.h>
55 # include <sys/mman.h>
58 #include <mLib/arena.h>
59 #include <mLib/dstr.h>
64 /*----- Arena operations --------------------------------------------------*/
66 static void *aalloc(arena *a, size_t sz) { return l_alloc((lmem *)a, sz); }
67 static void afree(arena *a, void *p) { l_free((lmem *)a, p); }
68 static void apurge(arena *a) { l_purge((lmem *)a); }
70 static arena_ops l_ops = { aalloc, arena_fakerealloc, afree, apurge };
72 /*----- Main code ---------------------------------------------------------*/
76 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
77 * @size_t sz@ = size of locked memory area requested
79 * Returns: Zero if everything is fine, @+1@ if some insecure memory was
80 * allocated, and @-1@ if everything went horribly wrong.
82 * Use: Initializes the locked memory manager. This function is safe
83 * to call in a privileged program; privileges should usually be
84 * dropped after allocating the locked memory block.
86 * You must call @sub_init@ before allocating locked memory
90 int l_init(lmem *lm, size_t sz)
96 /* --- Preliminaries --- */
101 /* --- Try making a secure locked passphrase buffer --- *
103 * Drop privileges before emitting diagnostic messages.
108 /* --- Memory-map a page from somewhere --- */
111 p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
115 if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
116 p = mmap(0, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
122 /* --- Lock the page in memory --- *
124 * Why does @mmap@ return such a stupid result if it fails?
127 if (p == 0 || p == MAP_FAILED) {
128 lm->emsg = "couldn't map locked memory area: %s";
131 } else if (mlock(p, sz)) {
132 lm->emsg = "error locking memory area: %s";
140 /* --- Make a standard passphrase buffer --- */
146 ll->emsg = "locked memory not available on this system";
149 if ((p = malloc(sz)) == 0) {
150 lm->emsg = "not enough standard memory!";
157 /* --- Initialize the buffer --- */
159 lm->sz = lm->free = sz;
162 /* --- Initialize the free list --- */
176 /* --- @l_alloc@ --- *
178 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
179 * @size_t sz@ = size requested
181 * Returns: Pointer to allocated memory.
183 * Use: Allocates @sz@ bytes of locked memory.
186 void *l_alloc(lmem *lm, size_t sz)
190 sz = (sz + 3u) & ~3u;
191 for (l = lm->l; l; l = l->next) {
198 l_node *n = CREATE(l_node);
206 assert(((void)"Locked buffer space has vanished", lm->free >= sz));
213 /* --- @l_free@ --- *
215 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
216 * @void *p@ = pointer to block
220 * Use: Releases a block of locked memory.
223 void l_free(lmem *lm, void *p)
228 for (l = lm->l; l; l = l->next) {
231 /* --- If this isn't the block, skip it --- */
237 assert(((void)"Block is already free", l->f & LF_ALLOC));
239 /* --- Coalesce with adjacent free blocks --- */
245 if (ll && !(ll->f & LF_ALLOC)) {
246 assert(((void)"Previous block doesn't fit", ll->p + ll->sz == p));
254 if (ll && !(ll->f & LF_ALLOC)) {
255 assert(((void)"Next block doesn't fit", ll->p == l->p + l->sz));
262 assert(((void)"Free lunch", lm->free <= lm->sz));
265 assert(((void)"Not a locked block", 0));
268 /* --- @l_purge@ --- *
270 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
274 * Use: Purges all the free blocks in the buffer, and clears all of
275 * the locked memory. Memory is not freed back to the system.
278 void l_purge(lmem *lm)
284 l_node *ll = l->next;
288 memset(lm->p, 0, lm->sz);
298 /* --- @l_report@ --- *
300 * Arguments: @lmem *lm@ = pointer to locked memory descriptor
301 * @dstr *d@ = string to write the error message on
303 * Returns: Zero if the buffer is fine, @+1@ if there was a problem
304 * getting locked memory but insecure stuff could be allocated,
305 * and @-1@ if not even insecure memory could be found.
307 * Use: Returns a user-digestable explanation for the state of a
308 * locked memory buffer. If the return code is zero, no message
309 * is emitted to the string @d@.
312 int l_report(lmem *lm, dstr *d)
316 dstr_putf(d, lm->emsg, strerror(lm->err));
326 /*----- That's all, folks -------------------------------------------------*/