* Move memory locking and dm initialization to command layer.

* Increase priority of process if memory is locked. Signed-off-by: Milan Broz <mbroz@redhat.com> git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@91 36d66b0a-2a48-0410-832c-cd162a569da5
2025-12-11 19:00:02 +01:00 · 2009-08-30 18:07:00 +00:00
parent ab953b3ff6
commit 4e471a9b03
7 changed files with 130 additions and 126 deletions
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -21,8 +21,6 @@ struct device_infos {
 	int		readonly;
 };

-static int memory_unsafe = 0;
-
 #define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })

 static void logger(struct crypt_options *options, int class, char *format, ...) {
@@ -45,35 +43,6 @@ static void hexprintICB(struct crypt_options *options, int class, char *d, int n
 		logger(options, class, "%02hhx ", (char)d[i]);
 }

-static int setup_enter(void (*log)(int, char *))
-{
-	int r;
-
-	/*
-	 * from here we could have sensible data in memory
-	 * so protect it from being swapped out
-	 */
-	r = mlockall(MCL_CURRENT | MCL_FUTURE);
-	if (r < 0) {
-		perror("mlockall failed");
-		log(CRYPT_LOG_ERROR, "WARNING!!! Possibly insecure memory. Are you root?\n");
-		memory_unsafe = 1;
-	}
-
-	set_error(NULL);
-
-	return 0;
-}
-
-static int setup_leave(void)
-{
-	/* dangerous, we can't wipe all the memory */
-	if (!memory_unsafe)
-		munlockall();
-
-	return 0;
-}
-
 /*
 * Password processing behaviour matrix of process_key
 * 
@@ -771,20 +740,12 @@ static int __crypt_luks_remove_key(int arg, struct crypt_options *options) {
 	return luks_remove_helper(arg, options, 1);
 }

-
 static int crypt_job(int (*job)(int arg, struct crypt_options *options),
                     int arg, struct crypt_options *options)
 {
 	int r;

-	if (setup_enter(options->icb->log) < 0) {
-		r = -ENOSYS;
-		goto out;
-	}
-
 	r = job(arg, options);
-out:
-	setup_leave();

 	if (r >= 0)
 		set_error(NULL);