author | Lijo George - Oracle Corporation - Bangalore India <lijo.x.george@oracle.com> |
Tue, 15 Jan 2013 02:16:22 -0800 | |
changeset 1121 | d7ac717f665d |
parent 791 | 4b6378a2fe0a |
permissions | -rw-r--r-- |
791
4b6378a2fe0a
6896514 tss code doesn't do correct privilege check when using mlock
Dan Anderson <dan.anderson@oracle.com>
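--- a/src/tspi/tsp_policy.c
+++ b/src/tspi/tsp_policy.c
@@ -86,15 +86,13 @@
 int
 pin_mem(void *addr, size_t len)
 {
- /* only root can lock pages into RAM */
- if (getuid() != (uid_t)0) {
- LogWarn("Not pinning secrets in memory due to insufficient perms.");
- return 0;
- }
-
 len += (uintptr_t)addr & PGOFFSET;
 addr = (void *)((uintptr_t)addr & PGMASK);
 if (mlock(addr, len) == -1) {
+ if (errno == EPERM) {
+ LogWarn("Not pinning secrets in memory due to insufficient perms.");
+ return 0;
+ }
 LogError("mlock: %s", strerror(errno));
 return 1;
 }
@@ -105,14 +103,12 @@
 int
 unpin_mem(void *addr, size_t len)
 {
- /* only root can lock pages into RAM */
- if (getuid() != (uid_t)0) {
- return 0;
- }
-
 len += (uintptr_t)addr & PGOFFSET;
 addr = (void *)((uintptr_t)addr & PGMASK);
 if (munlock(addr, len) == -1) {
+ if (errno == EPERM) {
+ return 0;
+ }
 LogError("mlock: %s", strerror(errno));
 return 1;
 }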
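Review bot: The new `errno == EPERM` branch in pin_mem returns 0, the same value as a successful mlock(), so a caller cannot tell that the secret was left in pageable memory and may reach swap; if that best-effort behaviour is intended it should be stated at the branch, e.g. `/* best effort: without the privilege to lock memory the secret stays pageable and 0 is still returned */`. Only EPERM is tolerated, and on some platforms an unprivileged mlock() fails with ENOMEM or EAGAIN once the locked-memory limit is reached, which now ends in `return 1` where the removed getuid() guard returned 0 for every non-root caller; it is worth confirming that callers handle that. The same EPERM branch in unpin_mem returns silently, and the munlock() failure there is still logged under the label `mlock:`; `LogError("munlock: %s", strerror(errno));` would make the log unambiguous. Both function bodies continue past the end of their hunks.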