Branch data Line data Source code
1 : : // Copyright (c) 2016-2020 The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #ifndef BITCOIN_SUPPORT_LOCKEDPOOL_H
6 : : #define BITCOIN_SUPPORT_LOCKEDPOOL_H
7 : :
8 : : #include <cstddef>
9 : : #include <list>
10 : : #include <map>
11 : : #include <memory>
12 : : #include <mutex>
13 : : #include <unordered_map>
14 : :
15 : : /**
16 : : * OS-dependent allocation and deallocation of locked/pinned memory pages.
17 : : * Abstract base class.
18 : : */
19 : 206 : class LockedPageAllocator
20 : : {
21 : : public:
22 : : virtual ~LockedPageAllocator() = default;
23 : : /** Allocate and lock memory pages.
24 : : * If len is not a multiple of the system page size, it is rounded up.
25 : : * Returns nullptr in case of allocation failure.
26 : : *
27 : : * If locking the memory pages could not be accomplished it will still
28 : : * return the memory, however the lockingSuccess flag will be false.
29 : : * lockingSuccess is undefined if the allocation fails.
30 : : */
31 : : virtual void* AllocateLocked(size_t len, bool *lockingSuccess) = 0;
32 : :
33 : : /** Unlock and free memory pages.
34 : : * Clear the memory before unlocking.
35 : : */
36 : : virtual void FreeLocked(void* addr, size_t len) = 0;
37 : :
38 : : /** Get the total limit on the amount of memory that may be locked by this
39 : : * process, in bytes. Return size_t max if there is no limit or the limit
40 : : * is unknown. Return 0 if no memory can be locked at all.
41 : : */
42 : : virtual size_t GetLimit() = 0;
43 : : };
44 : :
45 : : /* An arena manages a contiguous region of memory by dividing it into
46 : : * chunks.
47 : : */
48 : : class Arena
49 : : {
50 : : public:
51 : : Arena(void *base, size_t size, size_t alignment);
52 : : virtual ~Arena();
53 : :
54 : : Arena(const Arena& other) = delete; // non construction-copyable
55 : : Arena& operator=(const Arena&) = delete; // non copyable
56 : :
57 : : /** Memory statistics. */
58 : : struct Stats
59 : : {
60 : : size_t used;
61 : : size_t free;
62 : : size_t total;
63 : : size_t chunks_used;
64 : : size_t chunks_free;
65 : : };
66 : :
67 : : /** Allocate size bytes from this arena.
68 : : * Returns pointer on success, or 0 if memory is full or
69 : : * the application tried to allocate 0 bytes.
70 : : */
71 : : void* alloc(size_t size);
72 : :
73 : : /** Free a previously allocated chunk of memory.
74 : : * Freeing the zero pointer has no effect.
75 : : * Raises std::runtime_error in case of error.
76 : : */
77 : : void free(void *ptr);
78 : :
79 : : /** Get arena usage statistics */
80 : : Stats stats() const;
81 : :
82 : : #ifdef ARENA_DEBUG
83 : : void walk() const;
84 : : #endif
85 : :
86 : : /** Return whether a pointer points inside this arena.
87 : : * This returns base <= ptr < (base+size) so only use it for (inclusive)
88 : : * chunk starting addresses.
89 : : */
90 [ + - + - ]: 2061030 : bool addressInArena(void *ptr) const { return ptr >= base && ptr < end; }
91 : : private:
92 : : typedef std::multimap<size_t, void*> SizeToChunkSortedMap;
93 : : /** Map to enable O(log(n)) best-fit allocation, as it's sorted by size */
94 : : SizeToChunkSortedMap size_to_free_chunk;
95 : :
96 : : typedef std::unordered_map<void*, SizeToChunkSortedMap::const_iterator> ChunkToSizeMap;
97 : : /** Map from begin of free chunk to its node in size_to_free_chunk */
98 : : ChunkToSizeMap chunks_free;
99 : : /** Map from end of free chunk to its node in size_to_free_chunk */
100 : : ChunkToSizeMap chunks_free_end;
101 : :
102 : : /** Map from begin of used chunk to its size */
103 : : std::unordered_map<void*, size_t> chunks_used;
104 : :
105 : : /** Base address of arena */
106 : : void* base;
107 : : /** End address of arena */
108 : : void* end;
109 : : /** Minimum chunk alignment */
110 : : size_t alignment;
111 : : };
112 : :
113 : : /** Pool for locked memory chunks.
114 : : *
115 : : * To avoid sensitive key data from being swapped to disk, the memory in this pool
116 : : * is locked/pinned.
117 : : *
118 : : * An arena manages a contiguous region of memory. The pool starts out with one arena
119 : : * but can grow to multiple arenas if the need arises.
120 : : *
121 : : * Unlike a normal C heap, the administrative structures are separate from the managed
122 : : * memory. This has been done as the sizes and bases of objects are not in themselves sensitive
123 : : * information, as to conserve precious locked memory. In some operating systems
124 : : * the amount of memory that can be locked is small.
125 : : */
126 : : class LockedPool
127 : : {
128 : : public:
129 : : /** Size of one arena of locked memory. This is a compromise.
130 : : * Do not set this too low, as managing many arenas will increase
131 : : * allocation and deallocation overhead. Setting it too high allocates
132 : : * more locked memory from the OS than strictly necessary.
133 : : */
134 : : static const size_t ARENA_SIZE = 256*1024;
135 : : /** Chunk alignment. Another compromise. Setting this too high will waste
136 : : * memory, setting it too low will facilitate fragmentation.
137 : : */
138 : : static const size_t ARENA_ALIGN = 16;
139 : :
140 : : /** Callback when allocation succeeds but locking fails.
141 : : */
142 : : typedef bool (*LockingFailed_Callback)();
143 : :
144 : : /** Memory statistics. */
145 : : struct Stats
146 : : {
147 : : size_t used;
148 : : size_t free;
149 : : size_t total;
150 : : size_t locked;
151 : : size_t chunks_used;
152 : : size_t chunks_free;
153 : : };
154 : :
155 : : /** Create a new LockedPool. This takes ownership of the MemoryPageLocker,
156 : : * you can only instantiate this with LockedPool(std::move(...)).
157 : : *
158 : : * The second argument is an optional callback when locking a newly allocated arena failed.
159 : : * If this callback is provided and returns false, the allocation fails (hard fail), if
160 : : * it returns true the allocation proceeds, but it could warn.
161 : : */
162 : : explicit LockedPool(std::unique_ptr<LockedPageAllocator> allocator, LockingFailed_Callback lf_cb_in = nullptr);
163 : : ~LockedPool();
164 : :
165 : : LockedPool(const LockedPool& other) = delete; // non construction-copyable
166 : : LockedPool& operator=(const LockedPool&) = delete; // non copyable
167 : :
168 : : /** Allocate size bytes from this arena.
169 : : * Returns pointer on success, or 0 if memory is full or
170 : : * the application tried to allocate 0 bytes.
171 : : */
172 : : void* alloc(size_t size);
173 : :
174 : : /** Free a previously allocated chunk of memory.
175 : : * Freeing the zero pointer has no effect.
176 : : * Raises std::runtime_error in case of error.
177 : : */
178 : : void free(void *ptr);
179 : :
180 : : /** Get pool usage statistics */
181 : : Stats stats() const;
182 : : private:
183 : : std::unique_ptr<LockedPageAllocator> allocator;
184 : :
185 : : /** Create an arena from locked pages */
186 : : class LockedPageArena: public Arena
187 : : {
188 : : public:
189 : : LockedPageArena(LockedPageAllocator *alloc_in, void *base_in, size_t size, size_t align);
190 : : ~LockedPageArena();
191 : : private:
192 : : void *base;
193 : : size_t size;
194 : : LockedPageAllocator *allocator;
195 : : };
196 : :
197 : : bool new_arena(size_t size, size_t align);
198 : :
199 : : std::list<LockedPageArena> arenas;
200 : : LockingFailed_Callback lf_cb;
201 : : size_t cumulative_bytes_locked{0};
202 : : /** Mutex protects access to this pool's data structures, including arenas.
203 : : */
204 : : mutable std::mutex mutex;
205 : : };
206 : :
207 : : /**
208 : : * Singleton class to keep track of locked (ie, non-swappable) memory, for use in
209 : : * std::allocator templates.
210 : : *
211 : : * Some implementations of the STL allocate memory in some constructors (i.e., see
212 : : * MSVC's vector<T> implementation where it allocates 1 byte of memory in the allocator.)
213 : : * Due to the unpredictable order of static initializers, we have to make sure the
214 : : * LockedPoolManager instance exists before any other STL-based objects that use
215 : : * secure_allocator are created. So instead of having LockedPoolManager also be
216 : : * static-initialized, it is created on demand.
217 : : */
218 : : class LockedPoolManager : public LockedPool
219 : : {
220 : : public:
221 : : /** Return the current instance, or create it once */
222 : 4122062 : static LockedPoolManager& Instance()
223 : : {
224 : 4122062 : static std::once_flag init_flag;
225 : 4122062 : std::call_once(init_flag, LockedPoolManager::CreateInstance);
226 : 4122062 : return *LockedPoolManager::_instance;
227 : : }
228 : :
229 : : private:
230 : : explicit LockedPoolManager(std::unique_ptr<LockedPageAllocator> allocator);
231 : :
232 : : /** Create a new LockedPoolManager specialized to the OS */
233 : : static void CreateInstance();
234 : : /** Called when locking fails, warn the user here */
235 : : static bool LockingFailed();
236 : :
237 : : static LockedPoolManager* _instance;
238 : : };
239 : :
240 : : #endif // BITCOIN_SUPPORT_LOCKEDPOOL_H
|