mirror of
https://github.com/rosenpass/rosenpass.git
synced 2025-12-12 15:49:22 -08:00
526c930119
Implements: - An additional allocator to use memfd_secret(2) and guard pages using mmap(2), implemented in quininer/memsec#16 - An allocator that abstracts away underlying allocators, and uses specified allocator set by rosenpass_secret_memory::policy functions (or a function that sets rosenpass_secret_memory::alloc::ALLOC_INIT - Updates to tests- integration, fuzz, bench: some tests use procspawn to spawn multiple processes with different allocator policies
83 lines
2.2 KiB
Rust
83 lines
2.2 KiB
Rust
pub fn secret_policy_try_use_memfd_secrets() {
|
|
let alloc_type = {
|
|
#[cfg(target_os = "linux")]
|
|
{
|
|
if crate::alloc::memsec::memfdsec::memfdsec_box_try(0u8).is_ok() {
|
|
crate::alloc::SecretAllocType::MemsecMemfdSec
|
|
} else {
|
|
crate::alloc::SecretAllocType::MemsecMalloc
|
|
}
|
|
}
|
|
|
|
#[cfg(not(target_os = "linux"))]
|
|
{
|
|
crate::alloc::SecretAllocType::MemsecMalloc
|
|
}
|
|
};
|
|
assert_eq!(
|
|
alloc_type,
|
|
crate::alloc::get_or_init_secret_alloc_type(alloc_type)
|
|
);
|
|
|
|
log::info!("Secrets will be allocated using {:?}", alloc_type);
|
|
}
|
|
|
|
#[cfg(target_os = "linux")]
|
|
pub fn secret_policy_use_only_memfd_secrets() {
|
|
let alloc_type = crate::alloc::SecretAllocType::MemsecMemfdSec;
|
|
|
|
assert_eq!(
|
|
alloc_type,
|
|
crate::alloc::get_or_init_secret_alloc_type(alloc_type)
|
|
);
|
|
|
|
log::info!("Secrets will be allocated using {:?}", alloc_type);
|
|
}
|
|
|
|
pub fn secret_policy_use_only_malloc_secrets() {
|
|
let alloc_type = crate::alloc::SecretAllocType::MemsecMalloc;
|
|
assert_eq!(
|
|
alloc_type,
|
|
crate::alloc::get_or_init_secret_alloc_type(alloc_type)
|
|
);
|
|
|
|
log::info!("Secrets will be allocated using {:?}", alloc_type);
|
|
}
|
|
|
|
pub mod test {
|
|
#[macro_export]
|
|
macro_rules! test_spawn_process_with_policies {
|
|
($body:block, $($f: expr),*) => {
|
|
$(
|
|
let handle = procspawn::spawn((), |_| {
|
|
|
|
$f();
|
|
|
|
$body
|
|
|
|
});
|
|
handle.join().unwrap();
|
|
)*
|
|
};
|
|
}
|
|
|
|
#[macro_export]
|
|
macro_rules! test_spawn_process_provided_policies {
|
|
($body: block) => {
|
|
$crate::test_spawn_process_with_policies!(
|
|
$body,
|
|
$crate::policy::secret_policy_try_use_memfd_secrets,
|
|
$crate::secret_policy_use_only_malloc_secrets
|
|
);
|
|
|
|
#[cfg(target_os = "linux")]
|
|
{
|
|
$crate::test_spawn_process_with_policies!(
|
|
$body,
|
|
$crate::policy::secret_policy_use_only_memfd_secrets
|
|
);
|
|
}
|
|
};
|
|
}
|
|
}
|