using mlock(2) to try avoiding pushing pages to swap is not what the syscall was intended for and relying on this for security purproses is nonsense especially that OpenBSD has an encrypted swap Index: egg/egg-secure-memory.c --- egg/egg-secure-memory.c.orig +++ egg/egg-secure-memory.c @@ -864,7 +864,6 @@ sec_acquire_pages (size_t *sz, pgsize = getpagesize (); *sz = (*sz + pgsize -1) & ~(pgsize - 1); -#if defined(HAVE_MLOCK) pages = mmap (0, *sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); if (pages == MAP_FAILED) { if (show_warning && egg_secure_warnings) @@ -874,8 +873,9 @@ sec_acquire_pages (size_t *sz, return NULL; } +#if defined(HAVE_MLOCK) && !defined(__OpenBSD__) if (mlock (pages, *sz) < 0) { - if (show_warning && egg_secure_warnings && errno != EPERM) { + if (show_warning && egg_secure_warnings && errno != EPERM && errno != EAGAIN) { fprintf (stderr, "couldn't lock %lu bytes of memory (%s): %s\n", (unsigned long)*sz, during_tag, strerror (errno)); show_warning = 0; @@ -883,19 +883,12 @@ sec_acquire_pages (size_t *sz, munmap (pages, *sz); return NULL; } +#endif DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz); show_warning = 1; return pages; - -#else - if (show_warning && egg_secure_warnings) - fprintf (stderr, "your system does not support private memory"); - show_warning = 0; - return NULL; -#endif - } static void @@ -904,18 +897,15 @@ sec_release_pages (void *pages, size_t sz) ASSERT (pages); ASSERT (sz % getpagesize () == 0); -#if defined(HAVE_MLOCK) +#if defined(HAVE_MLOCK) && !defined(__OpenBSD__) if (munlock (pages, sz) < 0 && egg_secure_warnings) fprintf (stderr, "couldn't unlock private memory: %s\n", strerror (errno)); +#endif if (munmap (pages, sz) < 0 && egg_secure_warnings) fprintf (stderr, "couldn't unmap private anonymous memory: %s\n", strerror (errno)); DEBUG_ALLOC ("gkr-secure-memory: freed block ", sz); - -#else - ASSERT (FALSE); -#endif } /* -----------------------------------------------------------------------------