From: Todd Short <tshort@akamai.com>
Date: Thu, 23 Mar 2017 16:56:22 +0000 (-0400)
Subject: Add support for MLOCK_ONFAULT to secure arena
X-Git-Tag: OpenSSL_1_1_1-pre1~1852
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9dfc5b96874c477095f407c08141614e010a0b98;p=oweals%2Fopenssl.git

Add support for MLOCK_ONFAULT to secure arena

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3115)
---

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 93bff90d8d..351dec43bc 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -31,6 +31,11 @@
 # include <unistd.h>
 # include <sys/types.h>
 # include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+#  include <sys/syscall.h>
+#  include <linux/mman.h>
+#  include <errno.h>
+# endif
 # include <sys/param.h>
 # include <sys/stat.h>
 # include <fcntl.h>
@@ -433,8 +438,19 @@ static int sh_init(size_t size, int minsize)
     if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
         ret = 2;
 
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+        if (errno == ENOSYS) {
+            if (mlock(sh.arena, sh.arena_size) < 0)
+                ret = 2;
+        } else {
+            ret = 2;
+        }
+    }
+#else
     if (mlock(sh.arena, sh.arena_size) < 0)
         ret = 2;
+#endif
 #ifdef MADV_DONTDUMP
     if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
         ret = 2;