Module dryoc::protected [−][src]
nightly only.Memory protection utilities
Provides access to the memory locking system calls, such as mlock() and
mprotect() on UNIX-like systems, VirtualLock() and VirtualProtect() on
Windows. Similar to libsodium’s sodium_mlock and sodium_mprotect_*
functions.
On Linux, sets MADV_DONTDUMP with madvise() on locked regions.
The protected memory features leverage Rust’s Allocator API, which
requires nightly Rust. This crate must be built with the nightly feature
flag enabled to activate these features.
For details on the Allocator API, see:
https://github.com/rust-lang/rust/issues/32838
Example
use dryoc::protected::*; // Create a read-only, locked region of memory let readonly_locked = HeapBytes::from_slice_into_readonly_locked(b"some locked bytes") .expect("failed to get locked bytes"); // ... now do stuff with `readonly_locked` ... println!("{:?}", readonly_locked.as_slice());
Protection features
The type safe API uses traits to guard against misuse of protected memory.
For example, memory that is set as read-only can be accessed with immutable
accessors (such as .as_slice() or .as_array()), but not with mutable
accessors like .as_mut_slice() or .as_mut_array().
use dryoc::protected::*; // Create a read-only, locked region of memory let readonly_locked = HeapBytes::from_slice_into_readonly_locked(b"some locked bytes") .expect("failed to get locked bytes"); // Try to access the memory mutably println!("{:?}", readonly_locked.as_mut_slice()); // fails to compile, cannot access mutably
Memory that has been protected as read-only or no-access will cause the
process to crash if you attempt to access the memory improperly. To test
this, try the following code (which requires an unsafe block):
use dryoc::protected::*; // Create a read-only, locked region of memory let readonly_locked = HeapBytes::from_slice_into_readonly_locked(b"some locked bytes") .expect("failed to get locked bytes"); // Write to a protected region of memory, causing a crash. unsafe { std::ptr::write(readonly_locked.as_slice().as_ptr() as *mut u8, 0) // <- crash happens here };
Running the code above produces as signal: 10, SIGBUS: access to undefined memory panic.
Re-exports
pub use crate::types::*; |
pub use ptypes::*; |
Modules
| ptypes | Short-hand type aliases for protected types. |
Structs
| HeapByteArray | A heap-allocated fixed-length byte array, using the
page-aligned allocator. Required for working with
protected memory regions. Wraps a |
| HeapBytes | A heap-allocated resizable byte array, using the
page-aligned allocator. Required for working with
protected memory regions. Wraps a |
| PageAlignedAllocator | Custom page-aligned allocator implementation. Creates blocks of page-aligned heap-allocated memory regions, with a no-access pages before and after the allocated region of memory. |
| Protected | Holds Protected region of memory. Does not implement traits such as Copy, Clone, or std::fmt::Debug. |
Traits
| Lock | Protected region of memory that can be locked. |
| Lockable | A region of memory that can be locked, but is not yet protected. In order to lock the memory, it may require making a copy. |
| NewLocked | Bytes which can be allocated and protected. |
| NewLockedFromSlice | Create a new region of protected memory from a slice. |
| ProtectNoAccess | Protected region of memory that can be set as no-access. Must be unlocked. |
| ProtectReadOnly | Protected region of memory that can be set as read-only. |
| ProtectReadWrite | Protected region of memory that can be set as read-write. |
| Unlock | Protected region of memory that can be locked (i.e., is already locked). |