diff options
author | lloyd <[email protected]> | 2015-01-24 15:25:14 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-01-24 15:25:14 +0000 |
commit | 43d080b5fff6c5d8ca0c1cc6b2578c7115ac5888 (patch) | |
tree | db19906a0ea3d30b9d0074ed453aeb7cf4b75ba0 /src/lib/alloc | |
parent | d591c1c6247f64a5fc178d8f883f7d429f2684a1 (diff) |
Allow reducing the size of the allocated mlock pool via env variable
(BOTAN_MLOCK_POOL_SIZE, specified in decimal KB). Currently we read
this even when setuid as the worst a user could do is disable mlock,
which they can already do via ulimits.
Diffstat (limited to 'src/lib/alloc')
-rw-r--r-- | src/lib/alloc/locking_allocator/locking_allocator.cpp | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/src/lib/alloc/locking_allocator/locking_allocator.cpp b/src/lib/alloc/locking_allocator/locking_allocator.cpp index 643868c76..4a3dd3c4c 100644 --- a/src/lib/alloc/locking_allocator/locking_allocator.cpp +++ b/src/lib/alloc/locking_allocator/locking_allocator.cpp @@ -23,6 +23,21 @@ namespace { */ const size_t ALIGNMENT_MULTIPLE = 2; +size_t reset_mlock_limit(size_t max_req) + { + struct rlimit limits; + ::getrlimit(RLIMIT_MEMLOCK, &limits); + + if(limits.rlim_cur < limits.rlim_max) + { + limits.rlim_cur = limits.rlim_max; + ::setrlimit(RLIMIT_MEMLOCK, &limits); + ::getrlimit(RLIMIT_MEMLOCK, &limits); + } + + return std::min<size_t>(limits.rlim_cur, max_req); + } + size_t mlock_limit() { /* @@ -34,19 +49,22 @@ size_t mlock_limit() * programs), but small enough that we should not cause problems * even if many processes are mlocking on the same machine. */ - const size_t MLOCK_UPPER_BOUND = 512*1024; - - struct rlimit limits; - ::getrlimit(RLIMIT_MEMLOCK, &limits); + size_t mlock_requested = 512; - if(limits.rlim_cur < limits.rlim_max) + /* + * Allow override via env variable + */ + if(const char* env = ::getenv("BOTAN_MLOCK_POOL_SIZE")) { - limits.rlim_cur = limits.rlim_max; - ::setrlimit(RLIMIT_MEMLOCK, &limits); - ::getrlimit(RLIMIT_MEMLOCK, &limits); + try + { + const size_t user_req = std::stoul(env, nullptr); + mlock_requested = std::min(user_req, mlock_requested); + } + catch(std::exception&) { /* ignore it */ } } - return std::min<size_t>(limits.rlim_cur, MLOCK_UPPER_BOUND); + return reset_mlock_limit(mlock_requested*1024); } bool ptr_in_pool(const void* pool_ptr, size_t poolsize, |