From 50292e2545bdf4886abe096ceede0cd1d95f49b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Attila=20F=C3=BCl=C3=B6p?= <attila@fueloep.org>
Date: Thu, 21 Oct 2021 06:06:55 +0200
Subject: [PATCH] pam_zfs_key: mlock(2) and munlock(2) can fail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since both syscalls can fail, add error handling, including EAGAIN.

Reviewed-by: Felix Dörre <felix@dogcraft.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #12665
---
 contrib/pam_zfs_key/pam_zfs_key.c | 46 +++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 5 deletions(-)

diff --git a/contrib/pam_zfs_key/pam_zfs_key.c b/contrib/pam_zfs_key/pam_zfs_key.c
index 0856c7534f..e4196b7ad0 100644
--- a/contrib/pam_zfs_key/pam_zfs_key.c
+++ b/contrib/pam_zfs_key/pam_zfs_key.c
@@ -54,7 +54,7 @@ pam_syslog(pam_handle_t *pamh, int loglevel, const char *fmt, ...)
 #endif
 
 #include <string.h>
-
+#include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/file.h>
@@ -69,11 +69,38 @@ static libzfs_handle_t *g_zfs;
 
 static void destroy_pw(pam_handle_t *pamh, void *data, int errcode);
 
+typedef int (*mlock_func_t) (const void *, size_t);
+
 typedef struct {
 	size_t len;
 	char *value;
 } pw_password_t;
 
+/*
+ * Try to mlock or munlock addr while handling EAGAIN by retrying ten times
+ * and sleeping 10 milliseconds in between for a total of 0.1 seconds.
+ * lock_func must point to either mlock(2) or munlock(2).
+ */
+static int
+try_lock(mlock_func_t lock_func, const void *addr, size_t len)
+{
+	int err;
+	int retries = 10;
+	useconds_t sleep_dur = 10 * 1000;
+
+	if ((err = (*lock_func)(addr, len)) != EAGAIN) {
+		return (err);
+	}
+	for (int i = retries; i > 0; --i) {
+		(void) usleep(sleep_dur);
+		if ((err = (*lock_func)(addr, len)) != EAGAIN) {
+			break;
+		}
+	}
+	return (err);
+}
+
+
 static pw_password_t *
 alloc_pw_size(size_t len)
 {
@@ -91,7 +118,11 @@ alloc_pw_size(size_t len)
 		free(pw);
 		return (NULL);
 	}
-	mlock(pw->value, pw->len);
+	if (try_lock(mlock, pw->value, pw->len) != 0) {
+		free(pw->value);
+		free(pw);
+		return NULL;
+	}
 	return (pw);
 }
 
@@ -112,7 +143,11 @@ alloc_pw_string(const char *source)
 		free(pw);
 		return (NULL);
 	}
-	mlock(pw->value, pw->len);
+	if (try_lock(mlock, pw->value, pw->len) != 0) {
+		free(pw->value);
+		free(pw);
+		return NULL;
+	}
 	memcpy(pw->value, source, pw->len);
 	return (pw);
 }
@@ -121,8 +156,9 @@ static void
 pw_free(pw_password_t *pw)
 {
 	bzero(pw->value, pw->len);
-	munlock(pw->value, pw->len);
-	free(pw->value);
+	if (try_lock(munlock, pw->value, pw->len) == 0) {
+		free(pw->value);
+	}
 	free(pw);
 }