path: root/src/support/lockedpool.cpp
Age | Commit message | Author
2021-01-04 | doc: Use https URLs where possible | Sawyer Billings
2020-08-20 | Move Win32 defines to configure.ac to ensure they are globally defined | Luke Dashjr
common.vcxproj used for MSVC builds
2020-05-29 | Limit scope of all global std::once_flag | MarcoFalke
2020-05-04 | Merge #18443: lockedpool: avoid sensitive data in core files (FreeBSD) | Wladimir J. van der Laan
f85203097f78d9daa1d35c4097a80beab31da2a4 lockedpool: avoid sensitive data in core files (FreeBSD) (Vasil Dimov)
Pull request description:
This is a followup to 23991ee53 / https://github.com/bitcoin/bitcoin/pull/15600 to also use madvise(2) on FreeBSD to avoid sensitive data allocated with secure_allocator ending up in core files in addition to preventing it from going to the swap.
ACKs for top commit:
sipa: ACK f85203097f78d9daa1d35c4097a80beab31da2a4 if someone verifies this works as intended on *BSD.
laanwj: ACK f85203097f78d9daa1d35c4097a80beab31da2a4
practicalswift: Code-review ACK f85203097f78d9daa1d35c4097a80beab31da2a4 assuming a reviewer with FreeBSD access verifies that the PR goal is achieved :)
Tree-SHA512: 2e6d4ab6a9fbe18732c8ba530eacc17f58128c97140758b80c905b5b838922a2bcaa5f9abc45ab69d5a1a2baa0cba322f006048b60a877228e089c7e64dadd2a
2020-04-16 | scripted-diff: Bump copyright headers | MarcoFalke
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-03-26 | lockedpool: avoid sensitive data in core files (FreeBSD) | Vasil Dimov
This is a followup to 23991ee53 / https://github.com/bitcoin/bitcoin/pull/15600 to also use madvise(2) on FreeBSD to avoid sensitive data allocated with secure_allocator ending up in core files in addition to preventing it from going to the swap.
2020-03-26 | Merge #15600: lockedpool: When possible, use madvise to avoid including sensitive information in core dumps | Wladimir J. van der Laan
d831831822885717e9841f1ff67c19add566fa45 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr)
Pull request description:
If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~. The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure).
ACKs for top commit:
practicalswift: Code review ACK d831831822885717e9841f1ff67c19add566fa45 -- patch looks correct
laanwj: ACK d831831822885717e9841f1ff67c19add566fa45
jonatack: ACK d831831822885717e9841f1ff67c19add566fa45
vasild: ACK d831831822885717e9841f1ff67c19add566fa45
Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
2020-03-04 | lockedpool: When possible, use madvise to avoid including sensitive information in core dumps | Luke Dashjr
2019-12-30 | scripted-diff: Bump copyright of files changed in 2019 | MarcoFalke
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2019-11-16 | Fix segfault in allocator_tests/arena_tests | Jeffrey Czyz
The test uses reinterpret_cast<void*> on unallocated memory. Using this memory in printchunk as char* causes a segfault, so have printchunk take void* instead.
2019-11-16 | Fix compilation errors in support/lockedpool.cpp | Jeffrey Czyz
Changes in #12048 cause a compilation error in Arena::walk() when ARENA_DEBUG is defined. Specifically, Arena's chunks_free map was changed to have a different value type. Additionally, missing includes cause other compilation errors when ARENA_DEBUG is defined. Reproduced with: make CPPFLAGS=-DARENA_DEBUG
2019-01-23 | windows: Set _WIN32_WINNT to 0x0601 (Windows 7) | Chun Kuan Lee
Also remove all defines in many places and define it in configure stage to keep consistency.
2019-01-06 | Fix out-of-bounds write in case of failing mmap(...) in PosixLockedPageAllocator::AllocateLocked | practicalswift
2018-09-04 | Fix typos reported by codespell | practicalswift
2018-07-27 | Update copyright headers to 2018 | DrahtBot
2018-05-03 | Make it clear which functions that are intended to be translation unit local | practicalswift
Do not share functions that are meant to be translation unit local with other translation units. Use internal linkage for those consistently.
2018-04-09 | Remove duplicate includes | practicalswift
2018-04-05 | Merge #12859: Bugfix: Include <memory> for std::unique_ptr | Wladimir J. van der Laan
a5bca13 Bugfix: Include <memory> for std::unique_ptr (Luke Dashjr)
Pull request description:
Not sure why all these includes were missing, but it's breaking builds for some users: https://bugs.gentoo.org/show_bug.cgi?id=652142 (Added to all files with a reference to `std::unique_ptr`)
Tree-SHA512: 8a2c67513ca07b9bb52c34e8a20b15e56f8af2530310d9ee9b0a69694dd05e02e7a3683f14101a2685d457672b56addec591a0bb83900a0eb8e2a43d43200509
2018-04-02 | Bugfix: Include <memory> for std::unique_ptr | Luke Dashjr
2018-03-22 | Merge #12048: Use best-fit strategy in Arena, now O(log(n)) instead O(n) | Wladimir J. van der Laan
5fbf7c4 fix nits: variable naming, typos (Martin Ankerl)
1e0ee90 Use best-fit strategy in Arena, now O(log(n)) instead O(n) (Martin Ankerl)
Pull request description:
This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both strategies work well in practice. The advantage of using best-fit is that we can switch the O(n) allocation to O(log(n)). Additionally, some previously O(log(n)) operations are now O(1) operations by using hash maps. The end effect is that the benchmark runs about 2.5 times faster on my machine:
# Benchmark, evals, iterations, total, min, max, median
old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172
new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606
I've run all unit tests and benchmarks, and increased the number of iterations so that BenchLockedPool takes about 5 seconds again.
Tree-SHA512: 6551e384671f93f10c60df530a29a1954bd265cc305411f665a8756525e5afe2873a8032c797d00b6e8c07e16d9827465d0b662875433147381474a44119ccce
2018-03-21 | Fix typos | Dimitris Apostolou
2018-01-06 | fix nits: variable naming, typos | Martin Ankerl
2018-01-03 | Increment MIT Licence copyright header year on files modified in 2017 | Akira Takizawa
2017-12-29 | Use best-fit strategy in Arena, now O(log(n)) instead O(n) | Martin Ankerl
This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both strategies work well in practice. The advantage of using best-fit is that we can switch the slow O(n) algorithm to O(log(n)) operations. Additionally, some previously O(log(n)) operations are now replaced with O(1) operations by using a hash map. The end effect is that the benchmark runs about 2.5 times faster on my machine:
old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172
new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606
I've run all unit tests and benchmarks.
2017-11-16 | scripted-diff: Replace #include "" with #include <> (ryanofsky) | MeshCollider
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-08-07 | scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL | practicalswift
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-06-28 | Use the override specifier (C++11) where we expect to be overriding the virtual function of a base class | practicalswift
2016-12-05 | Do not shadow variables (gcc set) | Pavel Janík
2016-11-02 | LockedPool: avoid quadratic-time allocation | Kaz Wesley
Use separate maps for used/free chunks to avoid linear scan through alloced chunks for each alloc.
2016-11-02 | LockedPool: fix explosion for illegal-sized alloc | Kaz Wesley
Check for unreasonable alloc size in LockedPool rather than lancing through new Arenas until we improbably find one worthy of the quixotic request or the system can support no more Arenas.
2016-11-02 | Do not shadow variable, use deprecated MAP_ANON if MAP_ANONYMOUS is not defined. | Pavel Janík
2016-10-27 | support: Add LockedPool | Wladimir J. van der Laan
Add a pool for locked memory chunks, replacing LockedPageManager. This is something I've been wanting to do for a long time. The current approach of locking objects where they happen to be on the stack or heap in-place causes a lot of mlock/munlock system call overhead, slowing down any handling of keys. Also locked memory is a limited resource on many operating systems (and using a lot of it bogs down the system), so the previous approach of locking every page that may contain any key information (but also other information) is wasteful.