Mark crypt_memory_lock() API call deprecated.

And remove its implementation.
Milan Broz
2022-08-16 15:41:01 +02:00
parent 4b47091b85
commit 88d9524e6c
4 changed files with 3 additions and 43 deletions


@@ -177,8 +177,6 @@ int init_crypto(struct crypt_device *ctx);
int crypt_get_debug_level(void); int crypt_get_debug_level(void);
int crypt_memlock_inc(struct crypt_device *ctx);
int crypt_memlock_dec(struct crypt_device *ctx);
void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise); void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise);
int crypt_metadata_locking_enabled(void); int crypt_metadata_locking_enabled(void);


@@ -344,6 +344,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
/** /**
* Helper to lock/unlock memory to avoid swap sensitive data to disk. * Helper to lock/unlock memory to avoid swap sensitive data to disk.
* \b Deprecated, only for backward compatibility. Memory with keys are locked automatically.
* *
* @param cd crypt device handle, can be @e NULL * @param cd crypt device handle, can be @e NULL
* @param lock 0 to unlock otherwise lock memory * @param lock 0 to unlock otherwise lock memory
@@ -353,7 +354,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
* @note Only root can do this. * @note Only root can do this.
* @note It locks/unlocks all process memory, not only crypt context. * @note It locks/unlocks all process memory, not only crypt context.
*/ */
int crypt_memory_lock(struct crypt_device *cd, int lock); int crypt_memory_lock(struct crypt_device *cd, int lock) __attribute__((deprecated));
/** /**
* Set global lock protection for on-disk metadata (file-based locking). * Set global lock protection for on-disk metadata (file-based locking).
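Review bot: The two `@note` lines kept at the end of this comment ("Only root can do this" and "It locks/unlocks all process memory") no longer describe the function, because the same commit reduces crypt_memory_lock() to `return 0;`. A caller that used this call to keep its own passphrase buffers out of swap needs to be told that the protection is gone, not only that the call is deprecated. I would replace both notes with `@note This call is now a no-op that always returns 0; it does not lock process memory.` The added sentence also reads better as `Memory holding keys is locked automatically.` The @return text sits between the two hunks and is not visible here, so it may need the same update.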


@@ -5016,7 +5016,7 @@ int crypt_get_rng_type(struct crypt_device *cd)
int crypt_memory_lock(struct crypt_device *cd, int lock) int crypt_memory_lock(struct crypt_device *cd, int lock)
{ {
return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd); return 0;
} }
void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags) void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags)
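Review bot: The stub body of crypt_memory_lock() drops the request without any runtime trace, so an already-built application that calls it with `lock` set keeps running with its memory unlocked and nothing in the debug output says so. The deprecation attribute only helps code that is recompiled against the new header. Adding `log_dbg(cd, "crypt_memory_lock() is deprecated and has no effect.");` before `return 0;` would make this visible, assuming log_dbg is available in this file as it was in the removed helper. Both parameters are now unused; the log call would use `cd`, and `(void)lock;` would keep -Wunused-parameter quiet for the other.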


@@ -88,45 +88,6 @@ void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
} }
} }
/* MEMLOCK */
#define DEFAULT_PROCESS_PRIORITY -18
static int _priority;
static int _memlock_count = 0;
// return 1 if memory is locked
int crypt_memlock_inc(struct crypt_device *ctx)
{
if (!_memlock_count++) {
log_dbg(ctx, "Locking memory.");
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
log_dbg(ctx, "Cannot lock memory with mlockall.");
_memlock_count--;
return 0;
}
errno = 0;
if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
log_err(ctx, _("Cannot get process priority."));
else
if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
log_dbg(ctx, "setpriority %d failed: %s",
DEFAULT_PROCESS_PRIORITY, strerror(errno));
}
return _memlock_count ? 1 : 0;
}
int crypt_memlock_dec(struct crypt_device *ctx)
{
if (_memlock_count && (!--_memlock_count)) {
log_dbg(ctx, "Unlocking memory.");
if (munlockall() == -1)
log_err(ctx, _("Cannot unlock memory."));
if (setpriority(PRIO_PROCESS, 0, _priority))
log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno));
}
return _memlock_count ? 1 : 0;
}
/* Keyfile processing */ /* Keyfile processing */
/* /*