github/ocf
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use env_secure_(alloc/free) macro for metadata allocations

Browse Source 
Adapter can opt to take additional steps to securely allocate
memory used by OCF to store cache metadata. Typically this would
involve mlocking pages and zeroing memory before deallocation.

Memory allocated using secure_alloc is not expected to be zeroed
or physically continous.

Signed-off-by: Adam Rutkowski <adam.j.rutkowski@intel.com>
This commit is contained in:
Adam Rutkowski 2019-04-18 14:45:51 -04:00
parent 9528d1bf64
commit c5a80cc488
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/metadata/metadata_hash.c
View File

@ -680,7 +680,7 @@ exit:
ctx_data_free(ctx, context->data.core_config.data); ctx_data_free(ctx, context->data.core_config.data);
ctx_data_free(ctx, context->data.superblock.data); ctx_data_free(ctx, context->data.superblock.data);
env_vfree(context); env_secure_free(context, sizeof(*context));
} }
static void ocf_metadata_query_cores_end_io(struct ocf_io *io, int error) static void ocf_metadata_query_cores_end_io(struct ocf_io *io, int error)
@ -800,11 +800,12 @@ void ocf_metadata_hash_query_cores(ocf_ctx_t owner, ocf_volume_t volume,
} }
/* intialize query context */ /* intialize query context */
context = env_vzalloc(sizeof(*context)); context = env_secure_alloc(sizeof(*context));
if (!context) { if (!context) {
cmpl(priv, -ENOMEM, 0); cmpl(priv, -ENOMEM, 0);
return; return;
} }
ENV_BUG_ON(env_memset(context, sizeof(*context), 0));
context->ctx = owner; context->ctx = owner;
context->params.cmpl = cmpl; context->params.cmpl = cmpl;
context->params.priv = priv; context->params.priv = priv;

5
src/metadata/metadata_raw.c
View File

@ -78,7 +78,7 @@ static int _raw_ram_deinit(ocf_cache_t cache,
OCF_DEBUG_TRACE(cache); OCF_DEBUG_TRACE(cache);
if (raw->mem_pool) { if (raw->mem_pool) {
env_vfree(raw->mem_pool); env_secure_free(raw->mem_pool, raw->mem_pool_limit);
raw->mem_pool = NULL; raw->mem_pool = NULL;
} }
@ -99,9 +99,10 @@ static int _raw_ram_init(ocf_cache_t cache,
mem_pool_size = raw->ssd_pages; mem_pool_size = raw->ssd_pages;
mem_pool_size *= PAGE_SIZE; mem_pool_size *= PAGE_SIZE;
raw->mem_pool_limit = mem_pool_size; raw->mem_pool_limit = mem_pool_size;
raw->mem_pool = env_vzalloc(mem_pool_size); raw->mem_pool = env_secure_alloc(mem_pool_size);
if (!raw->mem_pool) if (!raw->mem_pool)
return -ENOMEM; return -ENOMEM;
ENV_BUG_ON(env_memset(raw->mem_pool, mem_pool_size, 0));
return 0; return 0;
} }

6
src/metadata/metadata_raw_dynamic.c
View File

@ -125,7 +125,7 @@ int raw_dynamic_deinit(ocf_cache_t cache,
OCF_DEBUG_TRACE(cache); OCF_DEBUG_TRACE(cache);
for (i = 0; i < raw->ssd_pages; i++) for (i = 0; i < raw->ssd_pages; i++)
env_free(ctrl->pages[i]); env_secure_free(ctrl->pages[i], PAGE_SIZE);
env_vfree(ctrl); env_vfree(ctrl);
raw->priv = NULL; raw->priv = NULL;
@ -296,7 +296,7 @@ static void raw_dynamic_load_all_complete(
context->cmpl(context->priv, error); context->cmpl(context->priv, error);
ocf_req_put(context->req); ocf_req_put(context->req);
env_free(context->page); env_secure_free(context->page, PAGE_SIZE);
env_free(context->zpage); env_free(context->zpage);
ctx_data_free(context->cache->owner, context->data); ctx_data_free(context->cache->owner, context->data);
env_vfree(context); env_vfree(context);
@ -383,7 +383,7 @@ static int raw_dynamic_load_all_update(struct ocf_request *req)
for (i_page = 0; i_page < count; i_page++, context->i++) { for (i_page = 0; i_page < count; i_page++, context->i++) {
if (!context->page) { if (!context->page) {
context->page = env_malloc(PAGE_SIZE, ENV_MEM_NORMAL); context->page = env_secure_alloc(PAGE_SIZE);
if (!context->page) { if (!context->page) {
/* Allocation error */ /* Allocation error */
result = -OCF_ERR_NO_MEM; result = -OCF_ERR_NO_MEM;