memsafe 0.2.1

A Secure cross-platform Rust library for securely wrapping data in memory
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

// src/lib.rs
mod ffi;
mod raw_ptr;

use std::cell::UnsafeCell;
use std::ffi::c_void;
use std::io;
use std::ops::{Deref, DerefMut};

use ffi::{
    mem_alloc, mem_dealloc, mem_lock, mem_noaccess, mem_readonly, mem_readwrite, mem_unlock,
};
use raw_ptr::{ptr_deref, ptr_deref_mut, ptr_drop_in_place, ptr_write, ptr_write_bytes};

#[derive(Debug)]
pub struct MemoryError(io::Error);

impl From<io::Error> for MemoryError {
    fn from(err: io::Error) -> Self {
        MemoryError(err)
    }
}

impl MemoryError {
    pub fn inner(&self) -> &io::Error {
        &self.0
    }
}

pub struct MemSafe<T> {
    ptr: *mut T,
    len: usize,
    is_writable: UnsafeCell<bool>,
}

impl<T> MemSafe<T> {
    pub fn new(value: T) -> Result<Self, MemoryError> {
        let len = std::mem::size_of::<T>();
        let ptr = mem_alloc(len)?;
        ptr_write(ptr, value);
        let mem_safe = MemSafe {
            ptr,
            len,
            is_writable: UnsafeCell::new(true),
        };
        mem_safe.lock_memory()?;
        mem_safe.set_memory_advice()?;
        #[cfg(unix)]
        {
            mem_safe.make_noaccess()?;
        }
        // Windows doesn't allow for no access locked memory. So, the memory is kept readonly
        // in Windows. See more in following link:
        // https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtuallock#remarks
        #[cfg(windows)]
        {
            mem_safe.make_readonly()?;
        }
        Ok(mem_safe)
    }

    fn make_noaccess(&self) -> Result<(), MemoryError> {
        mem_noaccess(self.ptr, self.len)?;
        unsafe {
            *self.is_writable.get() = false;
            Ok(())
        }
    }

    fn make_writable(&self) -> Result<(), MemoryError> {
        mem_readwrite(self.ptr, self.len)?;
        unsafe {
            *self.is_writable.get() = true;
            Ok(())
        }
    }

    fn make_readonly(&self) -> Result<(), MemoryError> {
        mem_readonly(self.ptr, self.len)?;
        unsafe {
            *self.is_writable.get() = false;
            Ok(())
        }
    }

    fn lock_memory(&self) -> Result<(), MemoryError> {
        mem_lock(self.ptr, self.len)
    }

    #[cfg(target_os = "linux")]
    fn set_memory_advice(&self) -> Result<(), MemoryError> {
        ffi::unix::madvice(self.ptr as *mut c_void, self.len, libc::MADV_DONTDUMP)
    }

    #[cfg(not(target_os = "linux"))]
    fn set_memory_advice(&self) -> Result<(), MemoryError> {
        Ok(())
    }
}

impl<T> Deref for MemSafe<T> {
    type Target = T;
    fn deref(&self) -> &Self::Target {
        unsafe {
            if !*self.is_writable.get() {
                self.make_readonly().expect("Failed to make readable");
            }
        }
        ptr_deref(self.ptr)
    }
}

impl<T> DerefMut for MemSafe<T> {
    fn deref_mut(&mut self) -> &mut Self::Target {
        self.make_writable().expect("Failed to make writable");
        ptr_deref_mut(self.ptr)
    }
}

impl<T> Drop for MemSafe<T> {
    fn drop(&mut self) {
        self.make_writable().unwrap();
        ptr_drop_in_place(self.ptr);
        ptr_write_bytes(self.ptr, 0, self.len);
        mem_unlock(self.ptr, self.len).unwrap();
        mem_dealloc(self.ptr, self.len).unwrap();
    }
}