diff options
author | Nick Mathewson <nickm@torproject.org> | 2019-03-06 10:35:02 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2019-04-04 12:56:52 -0400 |
commit | 12205c3cbee4e71ded2b5710a57342b510e9d6df (patch) | |
tree | a0f1800c2e4c95ce37409fdecf28830188fb161a /src/lib | |
parent | ab6ad3c040de68b1f06b8f910407bff570b24b43 (diff) | |
download | tor-12205c3cbee4e71ded2b5710a57342b510e9d6df.tar.gz tor-12205c3cbee4e71ded2b5710a57342b510e9d6df.zip |
Make map_anon expose the result of a noinherit attempt
Previously we did this for tests only, but it's valuable for getting
proper fork behavior in rand_fast.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/crypt_ops/crypto_rand_fast.c | 4 | ||||
-rw-r--r-- | src/lib/malloc/map_anon.c | 48 | ||||
-rw-r--r-- | src/lib/malloc/map_anon.h | 17 |
3 files changed, 33 insertions, 36 deletions
diff --git a/src/lib/crypt_ops/crypto_rand_fast.c b/src/lib/crypt_ops/crypto_rand_fast.c index 760e1025ed..f1acc9faf2 100644 --- a/src/lib/crypt_ops/crypto_rand_fast.c +++ b/src/lib/crypt_ops/crypto_rand_fast.c @@ -134,8 +134,8 @@ crypto_fast_rng_new_from_seed(const uint8_t *seed) * having it get dumped, swapped, or shared after fork. */ crypto_fast_rng_t *result = tor_mmap_anonymous(sizeof(*result), - ANONMAP_PRIVATE | ANONMAP_NOINHERIT); - + ANONMAP_PRIVATE | ANONMAP_NOINHERIT, + NULL); memcpy(result->buf.seed, seed, SEED_LEN); /* Causes an immediate refill once the user asks for data. */ result->bytes_left = 0; diff --git a/src/lib/malloc/map_anon.c b/src/lib/malloc/map_anon.c index 5dac5256a6..bb0a3d5741 100644 --- a/src/lib/malloc/map_anon.c +++ b/src/lib/malloc/map_anon.c @@ -107,54 +107,34 @@ nodump_mem(void *mem, size_t sz) #endif } -#ifdef TOR_UNIT_TESTS -static unsigned last_anon_map_noinherit = ~0; -/* Testing helper: return the outcome of the last call to noinherit_mem(): - * 0 if it did no good; 1 if it caused the memory not to be inherited, and - * 2 if it caused the memory to be cleared on fork */ -unsigned -get_last_anon_map_noinherit(void) -{ - return last_anon_map_noinherit; -} -static void -set_last_anon_map_noinherit(unsigned f) -{ - last_anon_map_noinherit = f; -} -#else -static void -set_last_anon_map_noinherit(unsigned f) -{ - (void)f; -} -#endif - /** * Helper: try to prevent the <b>sz</b> bytes at <b>mem</b> from being * accessible in child processes -- ideally by having them set to 0 after a * fork, and if that doesn't work, by having them unmapped after a fork. * Return 0 on success or if the facility is not available on this OS; return * -1 on failure. + * + * If we successfully make the memory uninheritable, adjust the value of + * *<b>inherit_result_out</b>. */ static int -noinherit_mem(void *mem, size_t sz) +noinherit_mem(void *mem, size_t sz, unsigned *inherit_result_out) { - set_last_anon_map_noinherit(0); #ifdef FLAG_ZERO int r = MINHERIT(mem, sz, FLAG_ZERO); if (r == 0) { - set_last_anon_map_noinherit(2); + *inherit_result_out = INHERIT_ZERO; return 0; } #endif #ifdef FLAG_NOINHERIT int r2 = MINHERIT(mem, sz, FLAG_NOINHERIT); if (r2 == 0) { - set_last_anon_map_noinherit(1); + *inherit_result_out = INHERIT_DROP; } return r2; #else + (void)inherit_result_out; (void)mem; (void)sz; return 0; @@ -174,14 +154,24 @@ noinherit_mem(void *mem, size_t sz) * Memory returned from this function must be released with * tor_munmap_anonymous(). * + * If <b>inherit_result_out</b> is non-NULL, set it to one of INHERIT_KEEP, + * INHERIT_DROP, and INHERIT_ZERO, depending on the properties of the returned + * memory. + * * [Note: OS people use the word "anonymous" here to mean that the memory * isn't associated with any file. This has *nothing* to do with the kind of * anonymity that Tor is trying to provide.] */ void * -tor_mmap_anonymous(size_t sz, unsigned flags) +tor_mmap_anonymous(size_t sz, unsigned flags, unsigned *inherit_result_out) { void *ptr; + unsigned itmp=0; + if (inherit_result_out == NULL) { + inherit_result_out = &itmp; + } + *inherit_result_out = INHERIT_KEEP; + #if defined(_WIN32) HANDLE mapping = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, /*attributes*/ @@ -214,7 +204,7 @@ tor_mmap_anonymous(size_t sz, unsigned flags) } if (flags & ANONMAP_NOINHERIT) { - int noinherit_result = noinherit_mem(ptr, sz); + int noinherit_result = noinherit_mem(ptr, sz, inherit_result_out); raw_assert(noinherit_result == 0); } diff --git a/src/lib/malloc/map_anon.h b/src/lib/malloc/map_anon.h index 395145bd71..edd7500821 100644 --- a/src/lib/malloc/map_anon.h +++ b/src/lib/malloc/map_anon.h @@ -31,11 +31,18 @@ */ #define ANONMAP_NOINHERIT (1u<<1) -void *tor_mmap_anonymous(size_t sz, unsigned flags); -void tor_munmap_anonymous(void *mapping, size_t sz); +/** Possible value for inherit_result_out: the memory will be kept + * by any child process. */ +#define INHERIT_KEEP 0 +/** Possible value for inherit_result_out: the memory will be dropped in + * the child process. Attempting to access it will likely cause a segfault. */ +#define INHERIT_DROP 1 +/** Possible value for inherit_result_out: the memory will be cleared in + * the child process. */ +#define INHERIT_ZERO 2 -#ifdef TOR_UNIT_TESTS -unsigned get_last_anon_map_noinherit(void); -#endif +void *tor_mmap_anonymous(size_t sz, unsigned flags, + unsigned *inherit_result_out); +void tor_munmap_anonymous(void *mapping, size_t sz); #endif /* !defined(TOR_MAP_ANON_H) */ |