github/ocf
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add secure alloc/free to posix env

Browse Source 
Signed-off-by: Adam Rutkowski <adam.j.rutkowski@intel.com>
This commit is contained in:
Adam Rutkowski 2019-04-18 17:53:59 -04:00
parent d4e929140e
commit 9528d1bf64
1 changed files with 55 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
env/posix/ocf_env.h vendored
View File

@ -31,6 +31,7 @@
#include <inttypes.h> #include <inttypes.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/param.h> #include <sys/param.h>
#include <sys/mman.h>
#include <zlib.h> #include <zlib.h>
#include "ocf_env_list.h" #include "ocf_env_list.h"
@ -59,6 +60,15 @@ typedef uint64_t sector_t;
#define PAGE_SIZE 4096 #define PAGE_SIZE 4096
/* *** DEBUGING *** */
#define ENV_WARN(cond, fmt...) printf(fmt)
#define ENV_WARN_ON(cond) ;
#define ENV_WARN_ONCE(cond, fmt...) ENV_WARN(cond, fmt)
#define ENV_BUG() assert(0)
#define ENV_BUG_ON(cond) assert(!(cond))
/* *** MEMORY MANAGEMENT *** */ /* *** MEMORY MANAGEMENT *** */
#define ENV_MEM_NORMAL 0 #define ENV_MEM_NORMAL 0
#define ENV_MEM_NOIO 0 #define ENV_MEM_NOIO 0
@ -99,6 +109,49 @@ static inline void env_vfree(const void *ptr)
free((void *)ptr); free((void *)ptr);
} }
/* *** SECURE MEMORY MANAGEMENT *** */
/*
* OCF adapter can opt to take additional steps to securely allocate and free
* memory used by OCF to store cache metadata. This is to prevent other
* entities in the system from acquiring parts of OCF cache metadata via
* memory allocations. If this is not a concern in given product, secure
* alloc/free should default to vmalloc/vfree.
*
* Memory returned from secure alloc is not expected to be physically continous
* nor zeroed.
*/
/* default to standard memory allocations for secure allocations */
#define SECURE_MEMORY_HANDLING 0
static inline void *env_secure_alloc(size_t size)
{
void *ptr = malloc(size);
#if SECURE_MEMORY_HANDLING
if (ptr && mlock(ptr, size)) {
free(ptr);
ptr = NULL;
}
#endif
return ptr;
}
static inline void env_secure_free(const void *ptr, size_t size)
{
if (ptr) {
#if SECURE_MEMORY_HANDLING
memset(ptr, size, 0);
/* TODO: flush CPU caches ? */
ENV_BUG_ON(munlock(ptr));
#endif
free((void*)ptr);
}
}
static inline uint64_t env_get_free_memory(void) static inline uint64_t env_get_free_memory(void)
{ {
return sysconf(_SC_PAGESIZE) * sysconf(_SC_AVPHYS_PAGES); return sysconf(_SC_PAGESIZE) * sysconf(_SC_AVPHYS_PAGES);
@ -613,21 +666,15 @@ static inline void env_sort(void *base, size_t num, size_t size,
strncpy(dest, src, min(dmax, slen)); \ strncpy(dest, src, min(dmax, slen)); \
0; \ 0; \
}) })
/* *** DEBUGING *** */
#define ENV_WARN(cond, fmt...) printf(fmt)
#define ENV_WARN_ON(cond) ;
#define ENV_WARN_ONCE(cond, fmt...) ENV_WARN(cond, fmt)
#define ENV_BUG() assert(0)
#define ENV_BUG_ON(cond) assert(!(cond))
/* *** MISC UTILITIES *** */
#define container_of(ptr, type, member) ({ \ #define container_of(ptr, type, member) ({ \
const typeof(((type *)0)->member)*__mptr = (ptr); \ const typeof(((type *)0)->member)*__mptr = (ptr); \
(type *)((char *)__mptr - offsetof(type, member)); }) (type *)((char *)__mptr - offsetof(type, member)); })
#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) #define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
/* *** TIME *** */
static inline void env_msleep(uint64_t n) static inline void env_msleep(uint64_t n)
{ {
usleep(n * 1000); usleep(n * 1000);