Posted to commits@commons.apache.org by mt...@apache.org on 2009/10/10 09:15:30 UTC
svn commit: r823809 - in /commons/sandbox/runtime/trunk/src/main:
java/org/apache/commons/runtime/SecureMemory.java native/Makefile.in
native/Makefile.msc.in native/os/unix/secmem.c native/os/win32/secmem.c
Author: mturk
Date: Sat Oct 10 07:15:30 2009
New Revision: 823809
URL: http://svn.apache.org/viewvc?rev=823809&view=rev
Log:
Add non-pageable memory allocation
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java (with props)
commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c (with props)
commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c (with props)
Modified:
commons/sandbox/runtime/trunk/src/main/native/Makefile.in
commons/sandbox/runtime/trunk/src/main/native/Makefile.msc.in
Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java?rev=823809&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java Sat Oct 10 07:15:30 2009
@@ -0,0 +1,84 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime;
+
+/**
+ * SecureMemory class.
+ * <p>
+ * Ensures that allocated memory is not paged to the disk making it
+ * usable for security sensitive data. Allocated memory is always
+ * aligned to the system page size.
+ * </p>
+ * <p>
+ * <b>Warning:</b><br/>Using this class improperly may crash the running JVM.
+ * </p>
+ *
+ * @since Runtime 1.0
+ */
+public final class SecureMemory
+{
+
+ private SecureMemory()
+ {
+ // No Instance
+ }
+
+
+ private static native Pointer malloc0(long size)
+ throws OutOfMemoryError;
+ /**
+ * Allocates {@code size} bytes and returns a {@link Pointer}
+ * to the allocated memory.
+ *
+ * @param size Size of the memory to allocate.
+ * @return new {@link Pointer} containing memory area.
+ *
+ * @throws OutOfMemoryError if memory cannot be allocated.
+ * @throws IllegalArgumentException if the size is less then {@code 1}.
+ */
+ public static Pointer malloc(long size)
+ throws OutOfMemoryError, IllegalArgumentException
+ {
+ if (size < 1L)
+ throw new IllegalArgumentException();
+
+ return malloc0(size);
+ }
+
+ private static native Pointer calloc0(long size)
+ throws OutOfMemoryError;
+ /**
+ * Allocates {@code size} bytes and returns a {@link Pointer}
+ * to the allocated memory. The memory is initialized to zero.
+ *
+ * @param size Size of the memory to allocate.
+ * @return new {@link Pointer} containing memory area.
+ *
+ * @throws OutOfMemoryError if memory cannot be allocated.
+ * @throws IllegalArgumentException if the size is less then {@code 1}.
+ */
+ public static Pointer calloc(long size)
+ throws OutOfMemoryError, IllegalArgumentException
+ {
+ if (size < 1L)
+ throw new IllegalArgumentException();
+
+ return calloc0(size);
+ }
+
+
+}
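Review bot: The Javadoc on `malloc` and `calloc` does not say how the returned `Pointer` is released, nor that the request is rounded up to whole pages and pinned. From the native code in this commit, a failure to lock the pages raises the same ENOMEM exception as a failed allocation, which presumably reaches the caller as `OutOfMemoryError`. I would add to both methods a sentence such as `The size is rounded up to the system page size and the pages are locked; locked memory is a limited per-process resource, so this call can fail for sizes an ordinary allocation would satisfy.` The `IllegalArgumentException` is thrown without a message; `throw new IllegalArgumentException("size must be at least 1");` tells the caller what was wrong. The `@throws` text should read "less than", not "less then".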
Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/SecureMemory.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.in
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.in?rev=823809&r1=823808&r2=823809&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.in Sat Oct 10 07:15:30 2009
@@ -127,6 +127,7 @@
$(SRCDIR)/os/unix/user.$(OBJ) \
$(SRCDIR)/os/unix/mmap.$(OBJ) \
$(SRCDIR)/os/unix/mutex.$(OBJ) \
+ $(SRCDIR)/os/unix/secmem.$(OBJ) \
$(SRCDIR)/os/unix/sema.$(OBJ) \
$(SRCDIR)/os/unix/shm.$(OBJ) \
$(SRCDIR)/os/unix/signals.$(OBJ) \
@@ -154,6 +155,7 @@
$(SRCDIR)/os/unix/user.$(OBJ) \
$(SRCDIR)/os/unix/mmap.$(OBJ) \
$(SRCDIR)/os/unix/mutex.$(OBJ) \
+ $(SRCDIR)/os/unix/secmem.$(OBJ) \
$(SRCDIR)/os/unix/sema.$(OBJ) \
$(SRCDIR)/os/unix/shm.$(OBJ) \
$(SRCDIR)/os/unix/signals.$(OBJ) \
@@ -178,6 +180,7 @@
$(SRCDIR)/os/unix/group.$(OBJ) \
$(SRCDIR)/os/unix/user.$(OBJ) \
$(SRCDIR)/os/unix/mmap.$(OBJ) \
+ $(SRCDIR)/os/unix/secmem.$(OBJ) \
$(SRCDIR)/os/unix/sema.$(OBJ) \
$(SRCDIR)/os/unix/shm.$(OBJ) \
$(SRCDIR)/os/unix/signals.$(OBJ) \
@@ -204,6 +207,7 @@
$(SRCDIR)/os/unix/user.$(OBJ) \
$(SRCDIR)/os/unix/mmap.$(OBJ) \
$(SRCDIR)/os/unix/mutex.$(OBJ) \
+ $(SRCDIR)/os/unix/secmem.$(OBJ) \
$(SRCDIR)/os/unix/sema.$(OBJ) \
$(SRCDIR)/os/unix/signals.$(OBJ) \
$(SRCDIR)/os/unix/syslog.$(OBJ) \
Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.msc.in
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.msc.in?rev=823809&r1=823808&r2=823809&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.msc.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.msc.in Sat Oct 10 07:15:30 2009
@@ -120,6 +120,7 @@
$(SRCDIR)/os/win32/mutex.$(OBJ) \
$(SRCDIR)/os/win32/posix.$(OBJ) \
$(SRCDIR)/os/win32/registry.$(OBJ) \
+ $(SRCDIR)/os/win32/secmem.$(OBJ) \
$(SRCDIR)/os/win32/sema.$(OBJ) \
$(SRCDIR)/os/win32/service.$(OBJ) \
$(SRCDIR)/os/win32/shm.$(OBJ) \
Added: commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c?rev=823809&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c Sat Oct 10 07:15:30 2009
@@ -0,0 +1,169 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr.h"
+#include "acr_private.h"
+#include "acr_arch.h"
+#include "acr_memory.h"
+#include "acr_pointer.h"
+#include "acr_error.h"
+
+#if HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#ifndef MAP_ANONYMOUS
+#ifdef MAP_ANON
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+#endif
+#ifdef MAP_ANONYMOUS
+#define ACR_USE_MMAP
+#endif
+#endif
+
+extern acr_size_t acr_page_size;
+/**
+ * Posix secure memory functions
+ *
+ */
+static int secmem_pointer_cleanup(void *mem, size_t len)
+{
+ if (mem && len) {
+#ifdef ACR_USE_MMAP
+ munmap(mem, len);
+#else
+ x_free(mem);
+#endif
+ return 0;
+ }
+ else {
+ return ACR_EISNULL;
+ }
+}
+
+ACR_JNI_EXPORT_DECLARE(jobject, SecureMemory, malloc0)(ACR_JNISTDARGS,
+ jlong siz)
+{
+ jobject ptr = NULL;
+ void *mem;
+#ifdef ACR_USE_MMAP
+ int flags = MAP_PRIVATE | MAP_ANONYMOUS;
+#endif
+ acr_size_t ass = (acr_size_t)ACR_ALIGN(siz, acr_page_size);
+
+ UNREFERENCED_O;
+ if (ass < (acr_size_t)siz) {
+ /* Guard against faulty align value */
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_EINVAL, 0);
+ return NULL;
+ }
+#ifdef ACR_USE_MMAP
+#ifdef MAP_LOCKED
+ flags |= MAP_LOCKED;
+#endif
+ mem = mmap(0, ass, PROT_READ | PROT_WRITE, flags, -1, 0);
+ if (mem == NULL)
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
+#else
+ mem = ACR_Malloc(_E, THROW_NMARK, ass);
+#endif
+ if (mem) {
+#ifdef ACR_USE_MMAP
+#ifdef MAP_LOCKED
+ /* ###: How to determine if the MAP_LOCKED
+ * was ignored by older linux kernel (before 2.5.37)
+ */
+#else
+ if (mlock(mem, ass)) {
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM,
+ ACR_GET_OS_ERROR());
+ }
+ else
+#endif
+#endif
+ {
+ /* Create the Pointer class with default cleanup.
+ */
+ ptr = ACR_NewBasicPointer(_E, mem, ass, secmem_pointer_cleanup);
+ }
+ if (!ptr) {
+#ifdef ACR_USE_MMAP
+ munmap(mem, ass);
+#else
+ x_free(mem);
+#endif
+ }
+ }
+ return ptr;
+}
+
+ACR_JNI_EXPORT_DECLARE(jobject, SecureMemory, calloc0)(ACR_JNISTDARGS,
+ jlong siz)
+{
+ jobject ptr = NULL;
+ void *mem;
+#ifdef ACR_USE_MMAP
+ int flags = MAP_PRIVATE | MAP_ANONYMOUS;
+#endif
+ acr_size_t ass = (acr_size_t)ACR_ALIGN(siz, acr_page_size);
+
+ UNREFERENCED_O;
+ if (ass < (acr_size_t)siz) {
+ /* Guard against faulty align value */
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_EINVAL, 0);
+ return NULL;
+ }
+#ifdef ACR_USE_MMAP
+#ifdef MAP_LOCKED
+ flags |= MAP_LOCKED;
+#endif
+ mem = mmap(0, ass, PROT_READ | PROT_WRITE, flags, -1, 0);
+ if (mem == NULL)
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
+#else
+ mem = ACR_Malloc(_E, THROW_NMARK, ass);
+#endif
+ if (mem) {
+ /* Set memory to zero
+ */
+ memset(mem, 0, ass);
+#ifdef ACR_USE_MMAP
+#ifdef MAP_LOCKED
+ /* ###: How to determine if the MAP_LOCKED
+ * was ignored by older linux kernel (before 2.5.37)
+ */
+#else
+ if (mlock(mem, ass)) {
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM,
+ ACR_GET_OS_ERROR());
+ }
+ else
+#endif
+#endif
+ {
+ /* Create the Pointer class with default cleanup.
+ */
+ ptr = ACR_NewBasicPointer(_E, mem, ass, secmem_pointer_cleanup);
+ }
+ if (!ptr) {
+#ifdef ACR_USE_MMAP
+ munmap(mem, ass);
+#else
+ x_free(mem);
+#endif
+ }
+ }
+ return ptr;
+}
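Review bot: `mmap()` reports failure by returning `MAP_FAILED`, not `NULL`, so the `if (mem == NULL)` checks in both `malloc0` and `calloc0` never fire. On failure the code carries on with an invalid address: `calloc0` passes it straight to `memset`, and `malloc0` can wrap it in a `Pointer`. Compare against `MAP_FAILED` and return right after throwing. The `###` comment already doubts that `MAP_LOCKED` is honoured; calling `mlock()` unconditionally once the mapping succeeds turns a silently unpinned mapping into a reported error. Separately, the non-mmap fallback through `ACR_Malloc` never locks the memory at all, which contradicts what the Java class documents.

```c
#ifdef ACR_USE_MMAP
    /* … unchanged: MAP_LOCKED flag setup … */
    mem = mmap(0, ass, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (mem == MAP_FAILED) {
        /* mmap signals failure with MAP_FAILED, never NULL */
        ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
        return NULL;
    }
    /* Lock explicitly so a failure to pin the pages is reported,
     * whether or not MAP_LOCKED was honoured by the kernel.
     */
    if (mlock(mem, ass)) {
        ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
        munmap(mem, ass);
        return NULL;
    }
#else
    /* … unchanged: ACR_Malloc fallback … */
#endif
    /* … unchanged: ACR_NewBasicPointer and release on failure … */
```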
Propchange: commons/sandbox/runtime/trunk/src/main/native/os/unix/secmem.c
------------------------------------------------------------------------------
svn:eol-style = native
Added: commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c?rev=823809&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c Sat Oct 10 07:15:30 2009
@@ -0,0 +1,98 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr.h"
+#include "acr_private.h"
+#include "acr_arch.h"
+#include "acr_memory.h"
+#include "acr_pointer.h"
+#include "acr_error.h"
+
+extern acr_size_t acr_page_size;
+/**
+ * Windows secure memory functions
+ *
+ */
+static int secmem_pointer_cleanup(void *mem, size_t len)
+{
+ if (mem && len) {
+ VirtualFree(mem, 0, MEM_RELEASE);
+ return 0;
+ }
+ else {
+ return ACR_EISNULL;
+ }
+}
+
+ACR_JNI_EXPORT_DECLARE(jobject, SecureMemory, malloc0)(ACR_JNISTDARGS,
+ jlong siz)
+{
+ jobject ptr = NULL;
+ void *mem;
+ acr_size_t ass = (acr_size_t)ACR_ALIGN(siz, acr_page_size);
+
+ UNREFERENCED_O;
+ mem = VirtualAlloc(NULL, ass,
+ MEM_COMMIT | MEM_RESERVE,
+ PAGE_EXECUTE_READWRITE);
+ if (mem) {
+ if (!VirtualLock(mem, ass)) {
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM,
+ ACR_GET_OS_ERROR());
+ VirtualFree(mem, 0, MEM_RELEASE);
+ return NULL;
+ }
+ /* Create the Pointer class with default cleanup.
+ */
+ ptr = ACR_NewBasicPointer(_E, mem, ass, secmem_pointer_cleanup);
+ if (!ptr) {
+ VirtualFree(mem, 0, MEM_RELEASE);
+ }
+ }
+ else
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
+ return ptr;
+}
+
+ACR_JNI_EXPORT_DECLARE(jobject, SecureMemory, calloc0)(ACR_JNISTDARGS,
+ jlong siz)
+{
+ jobject ptr = NULL;
+ void *mem;
+ acr_size_t ass = (acr_size_t)ACR_ALIGN(siz, acr_page_size);
+
+ UNREFERENCED_O;
+ mem = VirtualAlloc(NULL, ass,
+ MEM_COMMIT | MEM_RESERVE,
+ PAGE_EXECUTE_READWRITE);
+ if (mem) {
+ if (!VirtualLock(mem, ass)) {
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM,
+ ACR_GET_OS_ERROR());
+ VirtualFree(mem, 0, MEM_RELEASE);
+ return NULL;
+ }
+ /* Create the Pointer class with default cleanup.
+ */
+ ptr = ACR_NewBasicPointer(_E, mem, ass, secmem_pointer_cleanup);
+ if (!ptr) {
+ VirtualFree(mem, 0, MEM_RELEASE);
+ }
+ }
+ else
+ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ENOMEM, ACR_GET_OS_ERROR());
+ return ptr;
+}
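Review bot: `VirtualAlloc` is called with `PAGE_EXECUTE_READWRITE` in both `malloc0` and `calloc0`, which leaves a buffer meant for secrets writable and executable at the same time. Nothing in this file executes from the region, so `PAGE_READWRITE` is enough: `mem = VirtualAlloc(NULL, ass, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);`. Unlike the unix file, there is no check that the aligned size did not wrap below the request; the same guard, `if (ass < (acr_size_t)siz)`, followed by the EINVAL throw, would keep the two ports consistent. `VirtualLock` is limited by the process's minimum working-set size, so larger requests are likely to fail here unless the caller raises it, which is worth a comment above the call.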
Propchange: commons/sandbox/runtime/trunk/src/main/native/os/win32/secmem.c
------------------------------------------------------------------------------
svn:eol-style = native