Implement overflow secmem pools for xmalloc style allocators.
* src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and cur_blocks. (cur_alloced, cur_blocks): Remove vars. (ptr_into_pool_p): Make it inline. (stats_update): Add arg pool and update the new pool specific counters. (_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow pools as needed. (_gcry_secmem_malloc): Pass XHINTS along. (_gcry_secmem_realloc_internal): Ditto. (_gcry_secmem_realloc): Ditto. (_gcry_secmem_free_internal): Take multiple pools in account. Add return value to indicate whether the arg was freed. (_gcry_secmem_free): Add return value to indicate whether the arg was freed. (_gcry_private_is_secure): Take multiple pools in account. (_gcry_secmem_term): Release all pools. (_gcry_secmem_dump_stats): Print stats for all pools. * src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure test with a direct call of _gcry_secmem_free to avoid double checking.
This patch avoids process termination due to an out-of-secure-memory
condition in the MPI subsystem. We consider it more important to have
reliable MPI computations than process termination due the need for
memory which is protected against being swapped out. Using encrypted
swap is anyway a more reliable protection than those mlock'ed pages.
Note also that mlock'ed pages won't help against hibernation.
- GnuPG-bug-id: T2857
- Signed-off-by: Werner Koch <wk@gnupg.org>