#ifndef BITCOIN_ALLOCATORS_H
#define BITCOIN_ALLOCATORS_H
-#include <string.h>
+#include <openssl/crypto.h> // for OPENSSL_cleanse()
+
+#include <cstring>
#include <string>
-#include <boost/thread/mutex.hpp>
+#include <mutex>
+#include <cassert>
#include <map>
-
-#ifdef WIN32
-#ifdef _WIN32_WINNT
-#undef _WIN32_WINNT
-#endif
-#define _WIN32_WINNT 0x0501
-#define WIN32_LEAN_AND_MEAN 1
-#ifndef NOMINMAX
-#define NOMINMAX
-#endif
-#include <windows.h>
-// This is used to attempt to keep keying material out of swap
-// Note that VirtualLock does not provide this as a guarantee on Windows,
-// but, in practice, memory that has been VirtualLock'd almost never gets written to
-// the pagefile except in rare circumstances where memory is extremely low.
-#else
-#include <sys/mman.h>
-#include <limits.h> // for PAGESIZE
-#include <unistd.h> // for sysconf
-#endif
+#include <vector>
/**
* Thread-safe class to keep track of locked (ie, non-swappable) memory pages.
page_mask = ~(page_size - 1);
}
+ ~LockedPageManagerBase()
+ {
+ assert(this->GetLockedPageCount() == 0);
+ }
+
// For all pages in affected range, increase lock count
void LockRange(void *p, size_t size)
{
- boost::mutex::scoped_lock lock(mutex);
+ std::scoped_lock lock(mutex);
if(!size) return;
const size_t base_addr = reinterpret_cast<size_t>(p);
const size_t start_page = base_addr & page_mask;
// For all pages in affected range, decrease lock count
void UnlockRange(void *p, size_t size)
{
- boost::mutex::scoped_lock lock(mutex);
+ std::scoped_lock lock(mutex);
if(!size) return;
const size_t base_addr = reinterpret_cast<size_t>(p);
const size_t start_page = base_addr & page_mask;
// Get number of locked pages for diagnostics
int GetLockedPageCount()
{
- boost::mutex::scoped_lock lock(mutex);
+ std::scoped_lock lock(mutex);
return histogram.size();
}
private:
Locker locker;
- boost::mutex mutex;
+ std::mutex mutex;
size_t page_size, page_mask;
// map of page base address to lock count
typedef std::map<size_t,int> Histogram;
Histogram histogram;
};
-/** Determine system page size in bytes */
-static inline size_t GetSystemPageSize()
-{
- size_t page_size;
-#if defined(WIN32)
- SYSTEM_INFO sSysInfo;
- GetSystemInfo(&sSysInfo);
- page_size = sSysInfo.dwPageSize;
-#elif defined(PAGESIZE) // defined in limits.h
- page_size = PAGESIZE;
-#else // assume some POSIX OS
- page_size = sysconf(_SC_PAGESIZE);
-#endif
- return page_size;
-}
-
/**
* OS-dependent memory page locking/unlocking.
* Defined as policy class to make stubbing for test possible.
/** Lock memory pages.
* addr and len must be a multiple of the system page size
*/
- bool Lock(const void *addr, size_t len)
- {
-#ifdef WIN32
- return VirtualLock(const_cast<void*>(addr), len) != 0;
-#else
- return mlock(addr, len) == 0;
-#endif
- }
+ bool Lock(const void *addr, size_t len);
/** Unlock memory pages.
* addr and len must be a multiple of the system page size
*/
- bool Unlock(const void *addr, size_t len)
- {
-#ifdef WIN32
- return VirtualUnlock(const_cast<void*>(addr), len) != 0;
-#else
- return munlock(addr, len) == 0;
-#endif
- }
+ bool Unlock(const void *addr, size_t len);
};
/**
* Singleton class to keep track of locked (ie, non-swappable) memory pages, for use in
* std::allocator templates.
- */
+ *
+ * Some implementations of the STL allocate memory in some constructors (i.e., see
+ * MSVC's vector<T> implementation where it allocates 1 byte of memory in the allocator.)
+ * Due to the unpredictable order of static initializers, we have to make sure the
+ * LockedPageManager instance exists before any other STL-based objects that use
+ * secure_allocator are created. So instead of having LockedPageManager also be
+ * static-intialized, it is created on demand.
+*/
class LockedPageManager: public LockedPageManagerBase<MemoryPageLocker>
{
public:
- static LockedPageManager instance; // instantiated in util.cpp
+ static LockedPageManager& Instance()
+ {
+ std::call_once(LockedPageManager::init_flag, LockedPageManager::CreateInstance);
+ return *LockedPageManager::_instance;
+ }
private:
- LockedPageManager():
- LockedPageManagerBase<MemoryPageLocker>(GetSystemPageSize())
- {}
+ LockedPageManager();
+
+ static void CreateInstance()
+ {
+ // Using a local static instance guarantees that the object is initialized
+ // when it's first needed and also deinitialized after all objects that use
+ // it are done with it. I can think of one unlikely scenario where we may
+ // have a static deinitialization order/problem, but the check in
+ // LockedPageManagerBase's destructor helps us detect if that ever happens.
+ static LockedPageManager instance;
+ LockedPageManager::_instance = &instance;
+ }
+
+ static LockedPageManager* _instance;
+ static std::once_flag init_flag;
};
//
template<typename _Other> struct rebind
{ typedef secure_allocator<_Other> other; };
- T* allocate(std::size_t n, const void *hint = 0)
+ T* allocate(std::size_t n, const void *hint = nullptr)
{
T *p;
p = std::allocator<T>::allocate(n, hint);
- if (p != NULL)
- LockedPageManager::instance.LockRange(p, sizeof(T) * n);
+ if (p != nullptr)
+ LockedPageManager::Instance().LockRange(p, sizeof(T) * n);
return p;
}
void deallocate(T* p, std::size_t n)
{
- if (p != NULL)
+ if (p != nullptr)
{
- memset(p, 0, sizeof(T) * n);
- LockedPageManager::instance.UnlockRange(p, sizeof(T) * n);
+ OPENSSL_cleanse(p, sizeof(T) * n);
+ LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n);
}
std::allocator<T>::deallocate(p, n);
}
void deallocate(T* p, std::size_t n)
{
- if (p != NULL)
- memset(p, 0, sizeof(T) * n);
+ if (p != nullptr)
+ OPENSSL_cleanse(p, sizeof(T) * n);
std::allocator<T>::deallocate(p, n);
}
};
// This is exactly like std::string, but with a custom allocator.
typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;
+// Byte-vector that clears its contents before deletion.
+typedef std::vector<char, zero_after_free_allocator<char> > CSerializeData;
+
#endif