diff --git a/lib/internal.h b/lib/internal.h
index 9a3ef89d..b1061658 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -177,8 +177,6 @@ int init_crypto(struct crypt_device *ctx);
 int crypt_get_debug_level(void);
-int crypt_memlock_inc(struct crypt_device *ctx);
-int crypt_memlock_dec(struct crypt_device *ctx);
 void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise);
 int crypt_metadata_locking_enabled(void);
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index edb3078b..bfb98c53 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -344,6 +344,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
 /**
 * Helper to lock/unlock memory to avoid swap sensitive data to disk.
+ * \b Deprecated, only for backward compatibility. Memory with keys are locked automatically.
 *
 * @param cd crypt device handle, can be @e NULL
 * @param lock 0 to unlock otherwise lock memory
@@ -353,7 +354,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
 * @note Only root can do this.
 * @note It locks/unlocks all process memory, not only crypt context.
 */
-int crypt_memory_lock(struct crypt_device *cd, int lock);
+int crypt_memory_lock(struct crypt_device *cd, int lock) __attribute__((deprecated));
 /**
 * Set global lock protection for on-disk metadata (file-based locking).
diff --git a/lib/setup.c b/lib/setup.c
index c7bbc6cf..c75e06b9 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -5016,7 +5016,7 @@ int crypt_get_rng_type(struct crypt_device *cd)
 int crypt_memory_lock(struct crypt_device *cd, int lock)
 {
- return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd);
+ return 0;
 }
 void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags)
diff --git a/lib/utils.c b/lib/utils.c
index 5742d3ec..9d79ee29 100644
--- a/lib/utils.c
+++ b/lib/utils.c
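Review bot: The doc line added in the first lib/libcryptsetup.h hunk says the call is kept "only for backward compatibility" but never says that it now does nothing. The two `@note` lines kept as context in the second hunk ("Only root can do this", "It locks/unlocks all process memory, not only crypt context") still describe the process-wide locking that the lib/setup.c hunk removes. A caller reading this header could keep relying on the call to keep its own passphrase buffers out of swap, so I would replace both notes with `@note This function is a no-op and always returns 0; it does not lock the caller's memory.` and reword the added sentence to `Memory holding keys is locked automatically.` The lines of this comment between the two hunks are not shown, so any `@return` text there should be checked against the new behaviour as well.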
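Review bot: `crypt_memory_lock()` in lib/setup.c now returns 0 for both lock and unlock requests and leaves no trace at runtime, and the whole function is visible in the hunk. The removed `crypt_memlock_inc()` was commented "return 1 if memory is locked" and returned 0 when `mlockall` failed, so a caller that checks the result now sees the old failure value on every call, and a caller that does not check silently loses process-wide locking of its own buffers. A debug line would make the no-op visible in traces: `log_dbg(cd, "crypt_memory_lock() is deprecated and has no effect.");` followed by `(void)lock;` before `return 0;`. This assumes `log_dbg` is usable in lib/setup.c the way it is in lib/utils.c.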
@@ -88,45 +88,6 @@ void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
 }
 }
-/* MEMLOCK */
-#define DEFAULT_PROCESS_PRIORITY -18
-
-static int _priority;
-static int _memlock_count = 0;
-
-// return 1 if memory is locked
-int crypt_memlock_inc(struct crypt_device *ctx)
-{
- if (!_memlock_count++) {
- log_dbg(ctx, "Locking memory.");
- if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
- log_dbg(ctx, "Cannot lock memory with mlockall.");
- _memlock_count--;
- return 0;
- }
- errno = 0;
- if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
- log_err(ctx, _("Cannot get process priority."));
- else
- if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
- log_dbg(ctx, "setpriority %d failed: %s",
- DEFAULT_PROCESS_PRIORITY, strerror(errno));
- }
- return _memlock_count ? 1 : 0;
-}
-
-int crypt_memlock_dec(struct crypt_device *ctx)
-{
- if (_memlock_count && (!--_memlock_count)) {
- log_dbg(ctx, "Unlocking memory.");
- if (munlockall() == -1)
- log_err(ctx, _("Cannot unlock memory."));
- if (setpriority(PRIO_PROCESS, 0, _priority))
- log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno));
- }
- return _memlock_count ? 1 : 0;
-}
-
 /* Keyfile processing */
 /*