Explicitly call sodium_mlock

See jedisct1/libsodium#1237: sodium_malloc() calls sodium_mlock() for us, but it ignores any failures reported from there, so if we run out of our mlock quota, instead of failing loudly and clearly, it will just give us non-mlocked memory instead, and when we use it under the assumption that it will be mlocked, all sorts of spurious / nondeterministic failures will result.
IntersectMBO · Dec 19, 2022 · a94ffd2 · a94ffd2
1 parent 08c1793
commit a94ffd2
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 9 deletions.
diff --git a/cardano-crypto-class/src/Cardano/Crypto/Libsodium/C.hs b/cardano-crypto-class/src/Cardano/Crypto/Libsodium/C.hs
@@ -9,6 +9,8 @@ module Cardano.Crypto.Libsodium.C (
     c_sodium_malloc,
     c_sodium_free,
     c_sodium_free_funptr,
+    c_sodium_mlock,
+    c_sodium_munlock,
 
     -- * Hashing
     -- ** SHA256
@@ -81,6 +83,16 @@ foreign import capi unsafe "sodium.h sodium_free" c_sodium_free :: Ptr a -> IO (
 -- <https://libsodium.gitbook.io/doc/memory_management>
 foreign import capi unsafe "sodium.h &sodium_free" c_sodium_free_funptr :: FunPtr (Ptr a -> IO ())
 
+-- | @void *sodium_mlock(void * const addr, size_t size);@
+--
+-- <https://libsodium.gitbook.io/doc/memory_management>
+foreign import capi unsafe "sodium.h sodium_mlock" c_sodium_mlock :: Ptr a -> CSize -> IO CInt
+
+-- | @void *sodium_munlock(void * const addr, size_t size);@
+--
+-- <https://libsodium.gitbook.io/doc/memory_management>
+foreign import capi unsafe "sodium.h sodium_munlock" c_sodium_munlock :: Ptr a  -> CSize-> IO CInt
+
 -------------------------------------------------------------------------------
 -- Hashing: SHA256
 -------------------------------------------------------------------------------

diff --git a/cardano-crypto-class/src/Cardano/Crypto/Libsodium/Memory/Internal.hs b/cardano-crypto-class/src/Cardano/Crypto/Libsodium/Memory/Internal.hs
@@ -66,7 +66,7 @@ makeMLockedPool = do
     (fromIntegral $ 4096 `div` (natVal (Proxy @n)) `div` 64)
     (\size -> mask_ $ do
       ptr <- sodiumMalloc (fromIntegral size)
-      newForeignPtr ptr (sodiumFree ptr)
+      newForeignPtr ptr (sodiumFree ptr (fromIntegral size))
     )
     (\ptr -> do
       eraseMem (Proxy @n) ptr
@@ -94,15 +94,24 @@ mlockedMalloc size = SFP <$> do
         mask_ $ do
           ptr <- sodiumMalloc size
           newForeignPtr ptr $ do
-            sodiumFree ptr
+            sodiumFree ptr size
 
 sodiumMalloc :: CSize -> IO (Ptr a)
 sodiumMalloc size = do
-    ptr <- c_sodium_malloc size
-    when (ptr == nullPtr) $ do
-        errno <- getErrno
-        ioException $ errnoToIOError "c_sodium_malloc" errno Nothing Nothing
-    return ptr
+  ptr <- c_sodium_malloc size
+  when (ptr == nullPtr) $ do
+      errno <- getErrno
+      ioException $ errnoToIOError "c_sodium_malloc" errno Nothing Nothing
+  res <- c_sodium_mlock ptr size
+  when (res /= 0) $ do
+      errno <- getErrno
+      ioException $ errnoToIOError "c_sodium_mlock" errno Nothing Nothing
+  return ptr
 
-sodiumFree :: Ptr a -> IO ()
-sodiumFree = c_sodium_free
+sodiumFree :: Ptr a -> CSize -> IO ()
+sodiumFree ptr size = do
+  res <- c_sodium_munlock ptr size
+  when (res /= 0) $ do
+    errno <- getErrno
+    ioException $ errnoToIOError "c_sodium_munlock" errno Nothing Nothing
+  c_sodium_free ptr