gcc/libvtv/vtv_rts.cc
Caroline Tice 8bc16536d6 Fix logging to not use /tmp or the current directory...
Fix logging to not use /tmp or the current directory; get
the location for writing log files from an environment
variable; use secure getenv whenever possible.

From-SVN: r201890
2013-08-20 13:43:16 -07:00

1524 lines
56 KiB
C++

/* Copyright (C) 2012-2013
Free Software Foundation
This file is part of GCC.
GCC is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.
GCC is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
Under Section 7 of GPL version 3, you are granted additional
permissions described in the GCC Runtime Library Exception, version
3.1, as published by the Free Software Foundation.
You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */
/* This file is part of the vtable security feature implementation.
The vtable security feature is designed to detect when a virtual
call is about to be made through an invalid vtable pointer
(possibly due to data corruption or malicious attacks). The
compiler finds every virtual call, and inserts a verification call
before the virtual call. The verification call takes the actual
vtable pointer value in the object through which the virtual call
is being made, and compares the vtable pointer against a set of all
valid vtable pointers that the object could contain (this set is
based on the declared type of the object). If the pointer is in
the valid set, execution is allowed to continue; otherwise the
program is halted.
There are several pieces needed in order to make this work: 1. For
every virtual class in the program (i.e. a class that contains
virtual methods), we need to build the set of all possible valid
vtables that an object of that class could point to. This includes
vtables for any class(es) that inherit from the class under
consideration. 2. For every such data set we build up, we need a
way to find and reference the data set. This is complicated by the
fact that the real vtable addresses are not known until runtime,
when the program is loaded into memory, but we need to reference the
sets at compile time when we are inserting verification calls into
the program. 3. We need to find every virtual call in the program,
and insert the verification call (with the appropriate arguments)
before the virtual call. 4. We need some runtime library pieces:
the code to build up the data sets at runtime; the code to actually
perform the verification using the data sets; and some code to set
protections on the data sets, so they themselves do not become
hacker targets.
To find and reference the set of valid vtable pointers for any given
virtual class, we create a special global varible for each virtual
class. We refer to this as the "vtable map variable" for that
class. The vtable map variable has the type "void *", and is
initialized by the compiler to NULL. At runtime when the set of
valid vtable pointers for a virtual class, e.g. class Foo, is built,
the vtable map variable for class Foo is made to point to the set.
During compile time, when the compiler is inserting verification
calls into the program, it passes the vtable map variable for the
appropriate class to the verification call, so that at runtime the
verification call can find the appropriate data set.
The actual set of valid vtable pointers for a polymorphic class,
e.g. class Foo, cannot be built until runtime, when the vtables get
loaded into memory and their addresses are known. But the knowledge
about which vtables belong in which class' hierarchy is only known
at compile time. Therefore at compile time we collect class
hierarchy and vtable information about every virtual class, and we
generate calls to build up the data sets at runtime. To build the
data sets, we call one of the functions we add to the runtime
library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
a vtable map variable and the address of a vtable. If the vtable
map variable is currently NULL, it creates a new data set (hash
table), makes the vtable map variable point to the new data set, and
inserts the vtable address into the data set. If the vtable map
variable is not NULL, it just inserts the vtable address into the
data set. In order to make sure that our data sets are built before
any verification calls happen, we create a special constructor
initialization function for each compilation unit, give it a very
high initialization priority, and insert all of our calls to
__VLTRegisterPair into our special constructor initialization
function. */
/* This file contains the main externally visible runtime library
functions for vtable verification: __VLTChangePermission,
__VLTRegisterPair, and __VLTVerifyVtablePointer. It also contains
debug versions __VLTRegisterPairDebug and
__VLTVerifyVtablePointerDebug, which have extra parameters in order
to make it easier to debug verification failures.
The final piece of functionality implemented in this file is symbol
resolution for multiple instances of the same vtable map variable.
If the same virtual class is used in two different compilation
units, then each compilation unit will create a vtable map variable
for the class. We need all instances of the same vtable map
variable to point to the same (single) set of valid vtable
pointers for the class, so we wrote our own hashtable-based symbol
resolution for vtable map variables (with a tiny optimization in
the case where there is only one instance of the variable).
There are two other important pieces to the runtime for vtable
verification besides the main pieces that go into libstdc++.so: two
special tiny shared libraries, libvtv_init.so and libvtv_stubs.so.
libvtv_init.so is built from vtv_init.cc. It is designed to help
minimize the calls made to mprotect (see the comments in
vtv_init.cc for more details). Anything compiled with
"-fvtable-verify=std" must be linked with libvtv_init.so (the gcc
driver has been modified to do this). vtv_stubs.so is built from
vtv_stubs.cc. It replaces the main runtime functions
(__VLTChangePermissino, __VLTRegisterPair and
__VLTVerifyVtablePointer) with stub functions that do nothing. If
a programmer has a library that was built with verification, but
wishes to not have verification turned on, the programmer can link
in the vtv_stubs.so library. */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <execinfo.h>
#include <unistd.h>
#include <sys/mman.h>
#include <errno.h>
#include <link.h>
#include <fcntl.h>
#include <limits.h>
/* For gthreads suppport */
#include <bits/c++config.h>
#include <ext/concurrence.h>
#include "vtv_utils.h"
#include "vtv_malloc.h"
#include "vtv_set.h"
#include "vtv_map.h"
#include "vtv_rts.h"
#include "vtv_fail.h"
#include "vtv-change-permission.h"
extern "C" {
/* __fortify_fail is a function in glibc that calls __libc_message,
causing it to print out a program termination error message
(including the name of the binary being terminated), a stack
trace where the error occurred, and a memory map dump. Ideally
we would have called __libc_message directly, but that function
does not appear to be accessible to functions outside glibc,
whereas __fortify_fail is. We call __fortify_fail from
__vtv_really_fail. We looked at calling __libc_fatal, which is
externally accessible, but it does not do the back trace and
memory dump. */
extern void __fortify_fail (const char *) __attribute__((noreturn));
} /* extern "C" */
/* The following variables are used only for debugging and performance
tuning purposes. Therefore they do not need to be "protected".
They cannot be used to attack the vtable verification system and if
they become corrupted it will not affect the correctness or
security of any of the rest of the vtable verification feature. */
unsigned int num_calls_to_regset = 0;
unsigned int num_calls_to_regpair = 0;
unsigned int num_calls_to_verify_vtable = 0;
unsigned long long regset_cycles = 0;
unsigned long long regpair_cycles = 0;
unsigned long long verify_vtable_cycles = 0;
/* Be careful about initialization of statics in this file. Some of
the routines below are called before any runtime initialization for
statics in this file will be done. For example, dont try to
initialize any of these statics with a runtime call (for ex:
sysconf). The initialization will happen after calls to the routines
to protect/unprotec the vtabla_map variables */
/* No need to mark the following variables with VTV_PROTECTED_VAR.
These are either const or are only used for debugging/tracing.
debugging/tracing will not be ON on production environments */
static const bool debug_hash = HASHTABLE_STATS;
static const int debug_functions = 0;
static const int debug_init = 0;
static const int debug_verify_vtable = 0;
#ifdef VTV_DEBUG
static const int debug_functions = 1;
static const int debug_init = 1;
static const int debug_verify_vtable = 1;
#endif
/* Global file descriptor variables for logging, tracing and debugging. */
static int init_log_fd = -1;
static int verify_vtable_log_fd = -1;
/* This holds a formatted error logging message, to be written to the
vtable verify failures log. */
static char debug_log_message[1024];
#ifdef __GTHREAD_MUTEX_INIT
static __gthread_mutex_t change_permissions_lock = __GTHREAD_MUTEX_INIT;
#else
static __gthread_mutex_t change_permissions_lock;
#endif
#ifndef VTV_STATS
#define VTV_STATS 0
#endif
#if VTV_STATS
static inline unsigned long long
get_cycle_count (void)
{
return rdtsc();
}
static inline void
accumulate_cycle_count (unsigned long long *sum, unsigned long long start)
{
unsigned long long end = rdtsc();
*sum = *sum + (end - start);
}
static inline void
increment_num_calls (unsigned int *num_calls)
{
*num_calls = *num_calls + 1;
}
#else
static inline unsigned long long
get_cycle_count (void)
{
return (unsigned long long) 0;
}
static inline void
accumulate_cycle_count (unsigned long long *sum __attribute__((__unused__)),
unsigned long long start __attribute__((__unused__)))
{
/* Do nothing. */
}
static inline void
increment_num_calls (unsigned int *num_calls __attribute__((__unused__)))
{
/* Do nothing. */
}
#endif
/* Types needed by insert_only_hash_sets. */
typedef uintptr_t int_vptr;
/* The set of valid vtable pointers for each virtual class is stored
in a hash table. This is the hashing function used for the hash
table. For more information on the implementation of the hash
table, see the class insert_only_hash_sets in vtv_set.h. */
struct vptr_hash
{
/* Hash function, used to convert vtable pointer, V, (a memory
address) into an index into the hash table. */
size_t
operator() (int_vptr v) const
{
const uint32_t x = 0x7a35e4d9;
const int shift = (sizeof (v) == 8) ? 23 : 21;
v = x * v;
return v ^ (v >> shift);
}
};
/* This is the memory allocator used to create the hash table data
sets of valid vtable pointers. We use VTV_malloc in order to keep
track of which pages have been allocated, so we can update the
protections on those pages appropriately. See the class
insert_only_hash_sets in vtv_set.h for more information. */
struct vptr_set_alloc
{
/* Memory allocator operator. N is the number of bytes to be
allocated. */
void *
operator() (size_t n) const
{
return __vtv_malloc (n);
}
};
/* Instantiate the template classes (in vtv_set.h) for our particular
hash table needs. */
typedef insert_only_hash_sets<int_vptr, vptr_hash, vptr_set_alloc> vtv_sets;
typedef vtv_sets::insert_only_hash_set vtv_set;
typedef vtv_set * vtv_set_handle;
typedef vtv_set_handle * vtv_set_handle_handle;
/* Records for caching the section header information that we have
read out of the file(s) on disk (in dl_iterate_phdr_callback), to
avoid having to re-open and re-read the same file multiple
times. */
struct sect_hdr_data
{
ElfW (Addr) dlpi_addr; /* The header address in the INFO record,
passed in from dl_iterate_phdr. */
ElfW (Addr) mp_low; /* Start address of the .vtable_map_vars
section in memory. */
size_t mp_size; /* Size of the .vtable_map_vars section in
memory. */
};
/* Array for caching the section header information, read from file,
to avoid re-opening and re-reading the same file over-and-over
again. */
#define MAX_ENTRIES 250
static struct sect_hdr_data vtv_sect_info_cache[MAX_ENTRIES] VTV_PROTECTED_VAR;
unsigned int num_cache_entries VTV_PROTECTED_VAR = 0;
/* This function takes the LOAD_ADDR for an object opened by the
dynamic loader, and checks the array of cached file data to see if
there is an entry with the same addres. If it finds such an entry,
it returns the record for that entry; otherwise it returns
NULL. */
struct sect_hdr_data *
search_cached_file_data (ElfW (Addr) load_addr)
{
unsigned int i;
for (i = 0; i < num_cache_entries; ++i)
{
if (vtv_sect_info_cache[i].dlpi_addr == load_addr)
return &(vtv_sect_info_cache[i]);
}
return NULL;
}
/* This function tries to read COUNT bytes out of the file referred to
by FD into the buffer BUF. It returns the actual number of bytes
it succeeded in reading. */
static size_t
ReadPersistent (int fd, void *buf, size_t count)
{
char *buf0 = (char *) buf;
size_t num_bytes = 0;
while (num_bytes < count)
{
int len;
len = read (fd, buf0 + num_bytes, count - num_bytes);
if (len < 0)
return -1;
if (len == 0)
break;
num_bytes += len;
}
return num_bytes;
}
/* This function tries to read COUNT bytes, starting at OFFSET from
the file referred to by FD, and put them into BUF. It calls
ReadPersistent to help it do so. It returns the actual number of
bytes read, or -1 if it fails altogether. */
static size_t
ReadFromOffset (int fd, void *buf, const size_t count, const off_t offset)
{
off_t off = lseek (fd, offset, SEEK_SET);
if (off != (off_t) -1)
return ReadPersistent (fd, buf, count);
return -1;
}
/* The function takes a MESSAGE and attempts to write it to the vtable
memory protection log (for debugging purposes). If the file is not
open, it attempts to open the file first. */
static void
log_memory_protection_data (char *message)
{
static int log_fd = -1;
if (log_fd == -1)
log_fd = __vtv_open_log ("vtv_memory_protection_data.log");
__vtv_add_to_log (log_fd, "%s", message);
}
static void
read_section_offset_and_length (struct dl_phdr_info *info,
const char *sect_name,
int mprotect_flags,
off_t *sect_offset,
ElfW (Word) *sect_len)
{
char program_name[PATH_MAX];
char *cptr;
bool found = false;
struct sect_hdr_data *cached_data = NULL;
const ElfW (Phdr) *phdr_info = info->dlpi_phdr;
const ElfW (Ehdr) *ehdr_info =
(const ElfW (Ehdr) *) (info->dlpi_addr + info->dlpi_phdr[0].p_vaddr
- info->dlpi_phdr[0].p_offset);
/* Get the name of the main executable. This may or may not include
arguments passed to the program. Find the first space, assume it
is the start of the argument list, and change it to a '\0'. */
snprintf (program_name, sizeof (program_name), program_invocation_name);
/* Check to see if we already have the data for this file. */
cached_data = search_cached_file_data (info->dlpi_addr);
if (cached_data)
{
*sect_offset = cached_data->mp_low;
*sect_len = cached_data->mp_size;
return;
}
/* Find the first non-escaped space in the program name and make it
the end of the string. */
cptr = strchr (program_name, ' ');
if (cptr != NULL && cptr[-1] != '\\')
cptr[0] = '\0';
if ((phdr_info->p_type == PT_PHDR || phdr_info->p_type == PT_LOAD)
&& (ehdr_info->e_shoff && ehdr_info->e_shnum))
{
int name_len = strlen (sect_name);
int fd = -1;
/* Attempt to open the binary file on disk. */
if (strlen (info->dlpi_name) == 0)
{
/* If the constructor initialization function was put into
the preinit array, then this function will get called
while handling preinit array stuff, in which case
program_invocation_name has not been initialized. In
that case we can get the filename of the executable from
"/proc/self/exe". */
if (strlen (program_name) > 0)
{
if (phdr_info->p_type == PT_PHDR)
fd = open (program_name, O_RDONLY);
}
else
fd = open ("/proc/self/exe", O_RDONLY);
}
else
fd = open (info->dlpi_name, O_RDONLY);
if (fd != -1)
{
/* Find the section header information in the file. */
ElfW (Half) strtab_idx = ehdr_info->e_shstrndx;
ElfW (Shdr) shstrtab;
off_t shstrtab_offset = ehdr_info->e_shoff +
(ehdr_info->e_shentsize * strtab_idx);
size_t bytes_read = ReadFromOffset (fd, &shstrtab, sizeof (shstrtab),
shstrtab_offset);
VTV_ASSERT (bytes_read == sizeof (shstrtab));
ElfW (Shdr) sect_hdr;
/* This code will be needed once we have crated libvtv.so. */
bool is_libvtv = false;
/*
if (strstr (info->dlpi_name, "libvtv.so"))
is_libvtv = true;
*/
/* Loop through all the section headers, looking for one whose
name is ".vtable_map_vars". */
for (int i = 0; i < ehdr_info->e_shnum && !found; ++i)
{
off_t offset = ehdr_info->e_shoff + (ehdr_info->e_shentsize * i);
bytes_read = ReadFromOffset (fd, &sect_hdr, sizeof (sect_hdr),
offset);
VTV_ASSERT (bytes_read == sizeof (sect_hdr));
char header_name[64];
off_t name_offset = shstrtab.sh_offset + sect_hdr.sh_name;
bytes_read = ReadFromOffset (fd, &header_name, 64, name_offset);
VTV_ASSERT (bytes_read > 0);
if (memcmp (header_name, sect_name, name_len) == 0)
{
/* We found the section; get its load offset and
size. */
*sect_offset = sect_hdr.sh_addr;
if (!is_libvtv)
*sect_len = sect_hdr.sh_size - VTV_PAGE_SIZE;
else
*sect_len = sect_hdr.sh_size;
found = true;
}
}
close (fd);
}
}
if (*sect_offset != 0 && *sect_len != 0)
{
/* Calculate the page location in memory, making sure the
address is page-aligned. */
ElfW (Addr) start_addr = (const ElfW (Addr)) info->dlpi_addr
+ *sect_offset;
*sect_offset = start_addr & ~(VTV_PAGE_SIZE - 1);
*sect_len = *sect_len - 1;
/* Since we got this far, we must not have found these pages in
the cache, so add them to it. NOTE: We could get here either
while making everything read-only or while making everything
read-write. We will only update the cache if we get here on
a read-write (to make absolutely sure the cache is writable
-- also the read-write pass should come before the read-only
pass). */
if ((mprotect_flags & PROT_WRITE)
&& num_cache_entries < MAX_ENTRIES)
{
vtv_sect_info_cache[num_cache_entries].dlpi_addr = info->dlpi_addr;
vtv_sect_info_cache[num_cache_entries].mp_low = *sect_offset;
vtv_sect_info_cache[num_cache_entries].mp_size = *sect_len;
num_cache_entries++;
}
}
}
/* This is the callback function used by dl_iterate_phdr (which is
called from vtv_unprotect_vtable_vars and vtv_protect_vtable_vars).
It attempts to find the binary file on disk for the INFO record
that dl_iterate_phdr passes in; open the binary file, and read its
section header information. If the file contains a
".vtable_map_vars" section, read the section offset and size. Use
the section offset and size, in conjunction with the data in INFO
to locate the pages in memory where the section is. Call
'mprotect' on those pages, setting the protection either to
read-only or read-write, depending on what's in DATA. */
static int
dl_iterate_phdr_callback (struct dl_phdr_info *info, size_t, void *data)
{
int * mprotect_flags = (int *) data;
off_t map_sect_offset = 0;
ElfW (Word) map_sect_len = 0;
char buffer[1024];
char program_name[1024];
const char *map_sect_name = VTV_PROTECTED_VARS_SECTION;
/* Check to see if this is the record for the Linux Virtual Dynamic
Shared Object (linux-vdso.so.1), which exists only in memory (and
therefore cannot be read from disk). */
if (strcmp (info->dlpi_name, "linux-vdso.so.1") == 0)
return 0;
if (strlen (info->dlpi_name) == 0
&& info->dlpi_addr != 0)
return 0;
/* Get the name of the main executable. This may or may not include
arguments passed to the program. Find the first space, assume it
is the start of the argument list, and change it to a '\0'. */
snprintf (program_name, sizeof (program_name), program_invocation_name);
read_section_offset_and_length (info, map_sect_name, *mprotect_flags,
&map_sect_offset, &map_sect_len);
if (debug_functions)
{
snprintf (buffer, sizeof(buffer),
" Looking at load module %s to change permissions to %s\n",
((strlen (info->dlpi_name) == 0) ? program_name
: info->dlpi_name),
(*mprotect_flags & PROT_WRITE) ? "READ/WRITE" : "READ-ONLY");
log_memory_protection_data (buffer);
}
/* See if we actually found the section. */
if (map_sect_offset && map_sect_len)
{
unsigned long long start;
int result;
if (debug_functions)
{
snprintf (buffer, sizeof (buffer),
" (%s): Protecting %p to %p\n",
((strlen (info->dlpi_name) == 0) ? program_name
: info->dlpi_name),
(void *) map_sect_offset,
(void *) (map_sect_offset + map_sect_len));
log_memory_protection_data (buffer);
}
/* Change the protections on the pages for the section. */
start = get_cycle_count ();
result = mprotect ((void *) map_sect_offset, map_sect_len,
*mprotect_flags);
accumulate_cycle_count (&mprotect_cycles, start);
if (result == -1)
{
if (debug_functions)
{
snprintf (buffer, sizeof (buffer),
"Failed called to mprotect for %s error: ",
(*mprotect_flags & PROT_WRITE) ?
"READ/WRITE" : "READ-ONLY");
log_memory_protection_data (buffer);
perror(NULL);
}
VTV_error();
}
else
{
if (debug_functions)
{
snprintf (buffer, sizeof (buffer),
"mprotect'ed range [%p, %p]\n",
(void *) map_sect_offset,
(char *) map_sect_offset + map_sect_len);
log_memory_protection_data (buffer);
}
}
increment_num_calls (&num_calls_to_mprotect);
/* num_pages_protected += (map_sect_len + VTV_PAGE_SIZE - 1) / VTV_PAGE_SIZE; */
num_pages_protected += (map_sect_len + 4096 - 1) / 4096;
}
return 0;
}
/* This function explicitly changes the protection (read-only or read-write)
on the vtv_sect_info_cache, which is used for speeding up look ups in the
function dl_iterate_phdr_callback. This data structure needs to be
explicitly made read-write before any calls to dl_iterate_phdr_callback,
because otherwise it may still be read-only when dl_iterate_phdr_callback
attempts to write to it.
More detailed explanation: dl_iterate_phdr_callback finds all the
.vtable_map_vars sections in all loaded objects (including the main program)
and (depending on where it was called from) either makes all the pages in the
sections read-write or read-only. The vtv_sect_info_cache should be in the
.vtable_map_vars section for libstdc++.so, which means that normally it would
be read-only until libstdc++.so is processed by dl_iterate_phdr_callback
(on the read-write pass), after which it will be writable. But if any loaded
object gets processed before libstdc++.so, it will attempt to update the
data cache, which will still be read-only, and cause a seg fault. Hence
we need a special function, called before dl_iterate_phdr_callback, that
will make the data cache writable. */
static void
change_protections_on_phdr_cache (int protection_flag)
{
char * low_address = (char *) &(vtv_sect_info_cache);
size_t cache_size = MAX_ENTRIES * sizeof (struct sect_hdr_data);
low_address = (char *) ((unsigned long) low_address & ~(VTV_PAGE_SIZE - 1));
if (mprotect ((void *) low_address, cache_size, protection_flag) == -1)
VTV_error ();
}
/* Unprotect all the vtable map vars and other side data that is used
to keep the core hash_map data. All of these data have been put
into relro sections */
static void
vtv_unprotect_vtable_vars (void)
{
int mprotect_flags;
mprotect_flags = PROT_READ | PROT_WRITE;
change_protections_on_phdr_cache (mprotect_flags);
dl_iterate_phdr (dl_iterate_phdr_callback, (void *) &mprotect_flags);
}
/* Protect all the vtable map vars and other side data that is used
to keep the core hash_map data. All of these data have been put
into relro sections */
static void
vtv_protect_vtable_vars (void)
{
int mprotect_flags;
mprotect_flags = PROT_READ;
dl_iterate_phdr (dl_iterate_phdr_callback, (void *) &mprotect_flags);
change_protections_on_phdr_cache (mprotect_flags);
}
#ifndef __GTHREAD_MUTEX_INIT
static void
initialize_change_permissions_mutexes ()
{
__GTHREAD_MUTEX_INIT_FUNCTION (&change_permissions_lock);
}
#endif
/* Variables needed for getting the statistics about the hashtable set. */
#if HASHTABLE_STATS
_AtomicStatCounter stat_contains = 0;
_AtomicStatCounter stat_insert = 0;
_AtomicStatCounter stat_resize = 0;
_AtomicStatCounter stat_create = 0;
_AtomicStatCounter stat_probes_in_non_trivial_set = 0;
_AtomicStatCounter stat_contains_size0 = 0;
_AtomicStatCounter stat_contains_size1 = 0;
_AtomicStatCounter stat_contains_size2 = 0;
_AtomicStatCounter stat_contains_size3 = 0;
_AtomicStatCounter stat_contains_size4 = 0;
_AtomicStatCounter stat_contains_size5 = 0;
_AtomicStatCounter stat_contains_size6 = 0;
_AtomicStatCounter stat_contains_size7 = 0;
_AtomicStatCounter stat_contains_size8 = 0;
_AtomicStatCounter stat_contains_size9 = 0;
_AtomicStatCounter stat_contains_size10 = 0;
_AtomicStatCounter stat_contains_size11 = 0;
_AtomicStatCounter stat_contains_size12 = 0;
_AtomicStatCounter stat_contains_size13_or_more = 0;
_AtomicStatCounter stat_contains_sizes = 0;
_AtomicStatCounter stat_grow_from_size0_to_1 = 0;
_AtomicStatCounter stat_grow_from_size1_to_2 = 0;
_AtomicStatCounter stat_double_the_number_of_buckets = 0;
_AtomicStatCounter stat_insert_found_hash_collision = 0;
_AtomicStatCounter stat_contains_in_non_trivial_set = 0;
_AtomicStatCounter stat_insert_key_that_was_already_present = 0;
#endif
/* Record statistics about the hash table sets, for debugging. */
static void
log_set_stats (void)
{
#if HASHTABLE_STATS
if (set_log_fd == -1)
set_log_fd = __vtv_open_log ("vtv_set_stats.log");
__vtv_add_to_log (set_log_fd, "---\n%s\n",
insert_only_hash_tables_stats().c_str());
#endif
}
/* Change the permissions on all the pages we have allocated for the
data sets and all the ".vtable_map_var" sections in memory (which
contain our vtable map variables). PERM indicates whether to make
the permissions read-only or read-write. */
extern "C" /* This is only being applied to __VLTChangePermission*/
void
__VLTChangePermission (int perm)
{
if (debug_functions)
{
if (perm == __VLTP_READ_WRITE)
fprintf (stdout, "Changing VLT permisisons to Read-Write.\n");
else if (perm == __VLTP_READ_ONLY)
fprintf (stdout, "Changing VLT permissions to Read-only.\n");
else
fprintf (stdout, "Unrecognized permissions value: %d\n", perm);
}
#ifndef __GTHREAD_MUTEX_INIT
static __gthread_once_t mutex_once VTV_PROTECTED_VAR = __GTHREAD_ONCE_INIT;
__gthread_once (&mutex_once, initialize_change_permissions_mutexes);
#endif
/* Ordering of these unprotect/protect calls is very important.
You first need to unprotect all the map vars and side
structures before you do anything with the core data
structures (hash_maps) */
if (perm == __VLTP_READ_WRITE)
{
/* TODO: Need to revisit this code for dlopen. It most probably
is not unlocking the protected vtable vars after for load
module that is not the first load module. */
__gthread_mutex_lock (&change_permissions_lock);
vtv_unprotect_vtable_vars ();
__vtv_malloc_init ();
__vtv_malloc_unprotect ();
}
else if (perm == __VLTP_READ_ONLY)
{
if (debug_hash)
log_set_stats();
__vtv_malloc_protect ();
vtv_protect_vtable_vars ();
__gthread_mutex_unlock (&change_permissions_lock);
}
}
/* This is the memory allocator used to create the hash table that
maps from vtable map variable name to the data set that vtable map
variable should point to. This is part of our vtable map variable
symbol resolution, which is necessary because the same vtable map
variable may be created by multiple compilation units and we need a
method to make sure that all vtable map variables for a particular
class point to the same data set at runtime. */
struct insert_only_hash_map_allocator
{
/* N is the number of bytes to allocate. */
void *
alloc (size_t n) const
{
return __vtv_malloc (n);
}
/* P points to the memory to be deallocated; N is the number of
bytes to deallocate. */
void
dealloc (void *p, size_t) const
{
__vtv_free (p);
}
};
/* Explicitly instantiate this class since this file is compiled with
-fno-implicit-templates. These are for the hash table that is used
to do vtable map variable symbol resolution. */
template class insert_only_hash_map <vtv_set_handle *,
insert_only_hash_map_allocator >;
typedef insert_only_hash_map <vtv_set_handle *,
insert_only_hash_map_allocator > s2s;
typedef const s2s::key_type vtv_symbol_key;
static s2s * vtv_symbol_unification_map VTV_PROTECTED_VAR = NULL;
const unsigned long SET_HANDLE_HANDLE_BIT = 0x2;
/* In the case where a vtable map variable is the only instance of the
variable we have seen, it points directly to the set of valid
vtable pointers. All subsequent instances of the 'same' vtable map
variable point to the first vtable map variable. This function,
given a vtable map variable PTR, checks a bit to see whether it's
pointing directly to the data set or to the first vtable map
variable. */
static inline bool
is_set_handle_handle (void * ptr)
{
return ((unsigned long) ptr & SET_HANDLE_HANDLE_BIT)
== SET_HANDLE_HANDLE_BIT;
}
/* Returns the actual pointer value of a vtable map variable, PTR (see
comments for is_set_handle_handle for more details). */
static inline vtv_set_handle *
ptr_from_set_handle_handle (void * ptr)
{
return (vtv_set_handle *) ((unsigned long) ptr & ~SET_HANDLE_HANDLE_BIT);
}
/* Given a vtable map variable, PTR, this function sets the bit that
says this is the second (or later) instance of a vtable map
variable. */
static inline vtv_set_handle_handle
set_handle_handle (vtv_set_handle * ptr)
{
return (vtv_set_handle_handle) ((unsigned long) ptr | SET_HANDLE_HANDLE_BIT);
}
static inline void
register_set_common (void **set_handle_ptr, size_t num_args,
void **vtable_ptr_array, bool debug)
{
/* Now figure out what pointer to use for the set pointer, for the
inserts. */
vtv_set_handle *handle_ptr = (vtv_set_handle *) set_handle_ptr;
if (debug)
VTV_DEBUG_ASSERT (vtv_symbol_unification_map != NULL);
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
/* Now we've got the set and it's initialized, add the vtable
pointers. */
for (size_t index = 0; index < num_args; ++index)
{
int_vptr vtbl_ptr = (int_vptr) vtable_ptr_array[index];
vtv_sets::insert (vtbl_ptr, handle_ptr);
}
}
static inline void
register_pair_common (void **set_handle_ptr, const void *vtable_ptr,
const char *set_symbol_name, const char *vtable_name,
bool debug)
{
/* Now we've got the set and it's initialized, add the vtable
pointer (assuming that it's not NULL...It may be NULL, as we may
have called this function merely to initialize the set
pointer). */
int_vptr vtbl_ptr = (int_vptr) vtable_ptr;
if (vtbl_ptr)
{
vtv_set_handle *handle_ptr = (vtv_set_handle *) set_handle_ptr;
if (debug)
VTV_DEBUG_ASSERT (vtv_symbol_unification_map != NULL);
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
vtv_sets::insert (vtbl_ptr, handle_ptr);
}
if (debug && debug_init)
{
if (init_log_fd == -1)
init_log_fd = __vtv_open_log("vtv_init.log");
__vtv_add_to_log(init_log_fd,
"Registered %s : %s (%p) 2 level deref = %s\n",
set_symbol_name, vtable_name, vtbl_ptr,
is_set_handle_handle(*set_handle_ptr) ? "yes" : "no" );
}
}
/* This routine initializes a set handle to a vtable set. It makes
sure that there is only one set handle for a particular set by
using a map from set name to pointer to set handle. Since there
will be multiple copies of the pointer to the set handle (one per
compilation unit that uses it), it makes sure to initialize all the
pointers to the set handle so that the set handle is unique. To
make this a little more efficient and avoid a level of indirection
in some cases, the first pointer to handle for a particular handle
becomes the handle itself and the other pointers will point to the
set handle. This is the debug version of this function, so it
outputs extra debugging messages and logging. SET_HANDLE_PTR is
the address of the vtable map variable, SET_SYMBOL_KEY is the hash
table key (containing the name of the map variable and the hash
value) and SIZE_HINT is a guess for the best initial size for the
set of vtable pointers that SET_HANDLE_POINTER will point to. */
static inline void
init_set_symbol_debug (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint)
{
VTV_DEBUG_ASSERT (set_handle_ptr);
if (vtv_symbol_unification_map == NULL)
{
/* TODO: For now we have chosen 1024, but we need to come up with a
better initial size for this. */
vtv_symbol_unification_map = s2s::create (1024);
VTV_DEBUG_ASSERT(vtv_symbol_unification_map);
}
vtv_set_handle *handle_ptr = (vtv_set_handle *) set_handle_ptr;
vtv_symbol_key *symbol_key_ptr = (vtv_symbol_key *) set_symbol_key;
const s2s::value_type * map_value_ptr =
vtv_symbol_unification_map->get (symbol_key_ptr);
char buffer[200];
if (map_value_ptr == NULL)
{
if (*handle_ptr != NULL)
{
snprintf (buffer, sizeof (buffer),
"*** Found non-NULL local set ptr %p missing for symbol"
" %.*s",
*handle_ptr, symbol_key_ptr->n, symbol_key_ptr->bytes);
__vtv_log_verification_failure (buffer, true);
VTV_DEBUG_ASSERT (0);
}
}
else if (*handle_ptr != NULL &&
(handle_ptr != *map_value_ptr &&
ptr_from_set_handle_handle (*handle_ptr) != *map_value_ptr))
{
VTV_DEBUG_ASSERT (*map_value_ptr != NULL);
snprintf (buffer, sizeof(buffer),
"*** Found diffence between local set ptr %p and set ptr %p"
"for symbol %.*s",
*handle_ptr, *map_value_ptr,
symbol_key_ptr->n, symbol_key_ptr->bytes);
__vtv_log_verification_failure (buffer, true);
VTV_DEBUG_ASSERT (0);
}
else if (*handle_ptr == NULL)
{
/* Execution should not reach this point. */
}
if (*handle_ptr != NULL)
{
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
vtv_sets::resize (size_hint, handle_ptr);
return;
}
VTV_DEBUG_ASSERT (*handle_ptr == NULL);
if (map_value_ptr != NULL)
{
if (*map_value_ptr == handle_ptr)
vtv_sets::resize (size_hint, *map_value_ptr);
else
{
/* The one level handle to the set already exists. So, we
are adding one level of indirection here and we will
store a pointer to the one level handle here. */
vtv_set_handle_handle * handle_handle_ptr =
(vtv_set_handle_handle *)handle_ptr;
*handle_handle_ptr = set_handle_handle(*map_value_ptr);
VTV_DEBUG_ASSERT(*handle_handle_ptr != NULL);
/* The handle can itself be NULL if the set has only
been initiazlied with size hint == 1. */
vtv_sets::resize (size_hint, *map_value_ptr);
}
}
else
{
/* We will create a new set. So, in this case handle_ptr is the
one level pointer to the set handle. Create copy of map name
in case the memory where this comes from gets unmapped by
dlclose. */
size_t map_key_len = symbol_key_ptr->n + sizeof (vtv_symbol_key);
void *map_key = __vtv_malloc (map_key_len);
memcpy (map_key, symbol_key_ptr, map_key_len);
s2s::value_type *value_ptr;
vtv_symbol_unification_map =
vtv_symbol_unification_map->find_or_add_key ((vtv_symbol_key *)map_key,
&value_ptr);
*value_ptr = handle_ptr;
/* TODO: We should verify the return value. */
vtv_sets::create (size_hint, handle_ptr);
VTV_DEBUG_ASSERT (size_hint <= 1 || *handle_ptr != NULL);
}
if (debug_init)
{
if (init_log_fd == -1)
init_log_fd = __vtv_open_log ("vtv_init.log");
__vtv_add_to_log (init_log_fd,
"Init handle:%p for symbol:%.*s hash:%u size_hint:%lu"
"number of symbols:%lu \n",
set_handle_ptr, symbol_key_ptr->n,
symbol_key_ptr->bytes, symbol_key_ptr->hash, size_hint,
vtv_symbol_unification_map->size ());
}
}
/* This routine initializes a set handle to a vtable set. It makes
sure that there is only one set handle for a particular set by
using a map from set name to pointer to set handle. Since there
will be multiple copies of the pointer to the set handle (one per
compilation unit that uses it), it makes sure to initialize all the
pointers to the set handle so that the set handle is unique. To
make this a little more efficient and avoid a level of indirection
in some cases, the first pointer to handle for a particular handle
becomes the handle itself and the other pointers will point to the
set handle. This is the debug version of this function, so it
outputs extra debugging messages and logging. SET_HANDLE_PTR is
the address of the vtable map variable, SET_SYMBOL_KEY is the hash
table key (containing the name of the map variable and the hash
value) and SIZE_HINT is a guess for the best initial size for the
set of vtable pointers that SET_HANDLE_POINTER will point to. */
void
__VLTRegisterSetDebug (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint, size_t num_args,
void **vtable_ptr_array)
{
unsigned long long start = get_cycle_count ();
increment_num_calls (&num_calls_to_regset);
VTV_DEBUG_ASSERT(set_handle_ptr != NULL);
init_set_symbol_debug (set_handle_ptr, set_symbol_key, size_hint);
register_set_common (set_handle_ptr, num_args, vtable_ptr_array, true);
accumulate_cycle_count (&regset_cycles, start);
}
/* This function takes a the address of a vtable map variable
(SET_HANDLE_PTR), a VTABLE_PTR to add to the data set, the name of
the vtable map variable (SET_SYMBOL_NAME) and the name of the
vtable (VTABLE_NAME) being pointed to. If the vtable map variable
is NULL it creates a new data set and initializes the variable,
otherwise it uses our symbol unification to find the right data
set; in either case it then adds the vtable pointer to the set.
The other two parameters are used for debugging information. */
void
__VLTRegisterPairDebug (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint, const void *vtable_ptr,
const char *set_symbol_name, const char *vtable_name)
{
unsigned long long start = get_cycle_count ();
increment_num_calls (&num_calls_to_regpair);
VTV_DEBUG_ASSERT(set_handle_ptr != NULL);
init_set_symbol_debug (set_handle_ptr, set_symbol_key, size_hint);
register_pair_common (set_handle_ptr, vtable_ptr, set_symbol_name, vtable_name,
true);
accumulate_cycle_count (&regpair_cycles, start);
}
/* This is the debug version of the verification function. It takes
the address of a vtable map variable (SET_HANDLE_PTR) and a
VTABLE_PTR to validate, as well as the name of the vtable map
variable (SET_SYMBOL_NAME) and VTABLE_NAME, which are used for
debugging messages. It checks to see if VTABLE_PTR is in the set
pointed to by SET_HANDLE_PTR. If so, it returns VTABLE_PTR,
otherwise it calls __vtv_verify_fail, which usually logs error
messages and calls abort. */
const void *
__VLTVerifyVtablePointerDebug (void **set_handle_ptr, const void *vtable_ptr,
const char *set_symbol_name,
const char *vtable_name)
{
unsigned long long start = get_cycle_count ();
VTV_DEBUG_ASSERT (set_handle_ptr != NULL && *set_handle_ptr != NULL);
int_vptr vtbl_ptr = (int_vptr) vtable_ptr;
increment_num_calls (&num_calls_to_verify_vtable);
vtv_set_handle *handle_ptr;
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
if (vtv_sets::contains (vtbl_ptr, handle_ptr))
{
if (debug_verify_vtable)
{
if (verify_vtable_log_fd == -1)
__vtv_open_log ("vtv_verify_vtable.log");
__vtv_add_to_log (verify_vtable_log_fd,
"Verified %s %s value = %p\n",
set_symbol_name, vtable_name, vtable_ptr);
}
}
else
{
/* We failed to find the vtable pointer in the set of valid
pointers. Log the error data and call the failure
function. */
snprintf (debug_log_message, sizeof (debug_log_message),
"Looking for %s in %s\n", vtable_name, set_symbol_name);
__vtv_verify_fail_debug (set_handle_ptr, vtable_ptr, debug_log_message);
/* Normally __vtv_verify_fail_debug will call abort, so we won't
execute the return below. If we get this far, the assumption
is that the programmer has replaced __vtv_verify_fail_debug
with some kind of secondary verification AND this secondary
verification succeeded, so the vtable pointer is valid. */
}
accumulate_cycle_count (&verify_vtable_cycles, start);
return vtable_ptr;
}
/* This routine initializes a set handle to a vtable set. It makes
sure that there is only one set handle for a particular set by
using a map from set name to pointer to set handle. Since there
will be multiple copies of the pointer to the set handle (one per
compilation unit that uses it), it makes sure to initialize all the
pointers to the set handle so that the set handle is unique. To
make this a little more efficient and avoid a level of indirection
in some cases, the first pointer to handle for a particular handle
becomes the handle itself and the other pointers will point to the
set handle. SET_HANDLE_PTR is the address of the vtable map
variable, SET_SYMBOL_KEY is the hash table key (containing the name
of the map variable and the hash value) and SIZE_HINT is a guess
for the best initial size for the set of vtable pointers that
SET_HANDLE_POINTER will point to.*/
static inline void
init_set_symbol (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint)
{
vtv_set_handle *handle_ptr = (vtv_set_handle *) set_handle_ptr;
if (*handle_ptr != NULL)
{
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
vtv_sets::resize (size_hint, handle_ptr);
return;
}
if (vtv_symbol_unification_map == NULL)
vtv_symbol_unification_map = s2s::create (1024);
vtv_symbol_key *symbol_key_ptr = (vtv_symbol_key *) set_symbol_key;
const s2s::value_type *map_value_ptr =
vtv_symbol_unification_map->get (symbol_key_ptr);
if (map_value_ptr != NULL)
{
if (*map_value_ptr == handle_ptr)
vtv_sets::resize (size_hint, *map_value_ptr);
else
{
/* The one level handle to the set already exists. So, we
are adding one level of indirection here and we will
store a pointer to the one level pointer here. */
vtv_set_handle_handle *handle_handle_ptr =
(vtv_set_handle_handle *) handle_ptr;
*handle_handle_ptr = set_handle_handle (*map_value_ptr);
vtv_sets::resize (size_hint, *map_value_ptr);
}
}
else
{
/* We will create a new set. So, in this case handle_ptr is the
one level pointer to the set handle. Create copy of map name
in case the memory where this comes from gets unmapped by
dlclose. */
size_t map_key_len = symbol_key_ptr->n + sizeof (vtv_symbol_key);
void * map_key = __vtv_malloc (map_key_len);
memcpy (map_key, symbol_key_ptr, map_key_len);
s2s::value_type * value_ptr;
vtv_symbol_unification_map =
vtv_symbol_unification_map->find_or_add_key ((vtv_symbol_key *)map_key,
&value_ptr);
*value_ptr = handle_ptr;
/* TODO: We should verify the return value. */
vtv_sets::create (size_hint, handle_ptr);
}
}
/* This routine initializes a set handle to a vtable set. It makes
sure that there is only one set handle for a particular set by
using a map from set name to pointer to set handle. Since there
will be multiple copies of the pointer to the set handle (one per
compilation unit that uses it), it makes sure to initialize all the
pointers to the set handle so that the set handle is unique. To
make this a little more efficient and avoid a level of indirection
in some cases, the first pointer to handle for a particular handle
becomes the handle itself and the other pointers will point to the
set handle. SET_HANDLE_PTR is the address of the vtable map
variable, SET_SYMBOL_KEY is the hash table key (containing the name
of the map variable and the hash value) and SIZE_HINT is a guess
for the best initial size for the set of vtable pointers that
SET_HANDLE_POINTER will point to.*/
void
__VLTRegisterSet (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint, size_t num_args, void **vtable_ptr_array)
{
unsigned long long start = get_cycle_count ();
increment_num_calls (&num_calls_to_regset);
init_set_symbol (set_handle_ptr, set_symbol_key, size_hint);
register_set_common (set_handle_ptr, num_args, vtable_ptr_array, false);
accumulate_cycle_count (&regset_cycles, start);
}
/* This function takes a the address of a vtable map variable
(SET_HANDLE_PTR) and a VTABLE_PTR. If the vtable map variable is
NULL it creates a new data set and initializes the variable,
otherwise it uses our symbol unification to find the right data
set; in either case it then adds the vtable pointer to the set. */
void
__VLTRegisterPair (void **set_handle_ptr, const void *set_symbol_key,
size_t size_hint, const void *vtable_ptr)
{
unsigned long long start = get_cycle_count ();
increment_num_calls (&num_calls_to_regpair);
init_set_symbol (set_handle_ptr, set_symbol_key, size_hint);
register_pair_common (set_handle_ptr, vtable_ptr, NULL, NULL, false);
accumulate_cycle_count (&regpair_cycles, start);
}
/* This is the main verification function. It takes the address of a
vtable map variable (SET_HANDLE_PTR) and a VTABLE_PTR to validate.
It checks to see if VTABLE_PTR is in the set pointed to by
SET_HANDLE_PTR. If so, it returns VTABLE_PTR, otherwise it calls
__vtv_verify_fail, which usually logs error messages and calls
abort. Since this function gets called VERY frequently, it is
important for it to be as efficient as possible. */
const void *
__VLTVerifyVtablePointer (void ** set_handle_ptr, const void * vtable_ptr)
{
unsigned long long start = get_cycle_count ();
int_vptr vtbl_ptr = (int_vptr) vtable_ptr;
vtv_set_handle *handle_ptr;
increment_num_calls (&num_calls_to_verify_vtable);
if (!is_set_handle_handle (*set_handle_ptr))
handle_ptr = (vtv_set_handle *) set_handle_ptr;
else
handle_ptr = ptr_from_set_handle_handle (*set_handle_ptr);
if (!vtv_sets::contains (vtbl_ptr, handle_ptr))
{
__vtv_verify_fail ((void **) handle_ptr, vtable_ptr);
/* Normally __vtv_verify_fail will call abort, so we won't
execute the return below. If we get this far, the assumption
is that the programmer has replaced __vtv_verify_fail with
some kind of secondary verification AND this secondary
verification succeeded, so the vtable pointer is valid. */
}
accumulate_cycle_count (&verify_vtable_cycles, start);
return vtable_ptr;
}
static int page_count_2 = 0;
static int
dl_iterate_phdr_count_pages (struct dl_phdr_info *info,
size_t unused __attribute__ ((__unused__)),
void *data)
{
int *mprotect_flags = (int *) data;
off_t map_sect_offset = 0;
ElfW (Word) map_sect_len = 0;
const char *map_sect_name = VTV_PROTECTED_VARS_SECTION;
/* Check to see if this is the record for the Linux Virtual Dynamic
Shared Object (linux-vdso.so.1), which exists only in memory (and
therefore cannot be read from disk). */
if (strcmp (info->dlpi_name, "linux-vdso.so.1") == 0)
return 0;
if (strlen (info->dlpi_name) == 0
&& info->dlpi_addr != 0)
return 0;
read_section_offset_and_length (info, map_sect_name, *mprotect_flags,
&map_sect_offset, &map_sect_len);
/* See if we actually found the section. */
if (map_sect_len)
page_count_2 += (map_sect_len + VTV_PAGE_SIZE - 1) / VTV_PAGE_SIZE;
return 0;
}
static void
count_all_pages (void)
{
int mprotect_flags;
mprotect_flags = PROT_READ;
page_count_2 = 0;
dl_iterate_phdr (dl_iterate_phdr_count_pages, (void *) &mprotect_flags);
page_count_2 += __vtv_count_mmapped_pages ();
}
void
__VLTDumpStats (void)
{
int log_fd = __vtv_open_log ("vtv-runtime-stats.log");
if (log_fd != -1)
{
count_all_pages ();
__vtv_add_to_log (log_fd,
"Calls: mprotect (%d) regset (%d) regpair (%d)"
" verify_vtable (%d)\n",
num_calls_to_mprotect, num_calls_to_regset,
num_calls_to_regpair, num_calls_to_verify_vtable);
__vtv_add_to_log (log_fd,
"Cycles: mprotect (%lld) regset (%lld) "
"regpair (%lld) verify_vtable (%lld)\n",
mprotect_cycles, regset_cycles, regpair_cycles,
verify_vtable_cycles);
__vtv_add_to_log (log_fd,
"Pages protected (1): %d\n", num_pages_protected);
__vtv_add_to_log (log_fd, "Pages protected (2): %d\n", page_count_2);
close (log_fd);
}
}
/* This function is called from __VLTVerifyVtablePointerDebug; it
sends as much debugging information as it can to the error log
file, then calls __vtv_verify_fail. SET_HANDLE_PTR is the pointer
to the set of valid vtable pointers, VTBL_PTR is the pointer that
was not found in the set, and DEBUG_MSG is the message to be
written to the log file before failing. n */
void
__vtv_verify_fail_debug (void **set_handle_ptr, const void *vtbl_ptr,
const char *debug_msg)
{
__vtv_log_verification_failure (debug_msg, false);
/* Call the public interface in case it has been overwritten by
user. */
__vtv_verify_fail (set_handle_ptr, vtbl_ptr);
__vtv_log_verification_failure ("Returned from __vtv_verify_fail."
" Secondary verification succeeded.\n", false);
}
/* This function calls __fortify_fail with a FAILURE_MSG and then
calls abort. */
void
__vtv_really_fail (const char *failure_msg)
{
__fortify_fail (failure_msg);
/* We should never get this far; __fortify_fail calls __libc_message
which prints out a back trace and a memory dump and then is
supposed to call abort, but let's play it safe anyway and call abort
ourselves. */
abort ();
}
/* This function takes an error MSG, a vtable map variable
(DATA_SET_PTR) and a vtable pointer (VTBL_PTR). It is called when
an attempt to verify VTBL_PTR with the set pointed to by
DATA_SET_PTR failed. It outputs a failure message with the
addresses involved, and calls __vtv_really_fail. */
static void
vtv_fail (const char *msg, void **data_set_ptr, const void *vtbl_ptr)
{
char buffer[128];
int buf_len;
const char *format_str =
"*** Unable to verify vtable pointer (%p) in set (%p) *** \n";
snprintf (buffer, sizeof (buffer), format_str, vtbl_ptr,
is_set_handle_handle(*data_set_ptr) ?
ptr_from_set_handle_handle (*data_set_ptr) :
*data_set_ptr);
buf_len = strlen (buffer);
/* Send this to to stderr. */
write (2, buffer, buf_len);
#ifndef VTV_NO_ABORT
__vtv_really_fail (msg);
#endif
}
/* Send information about what we were trying to do when verification
failed to the error log, then call vtv_fail. This function can be
overwritten/replaced by the user, to implement a secondary
verification function instead. DATA_SET_PTR is the vtable map
variable used for the failed verification, and VTBL_PTR is the
vtable pointer that was not found in the set. */
void
__vtv_verify_fail (void **data_set_ptr, const void *vtbl_ptr)
{
char log_msg[256];
snprintf (log_msg, sizeof (log_msg), "Looking for vtable %p in set %p.\n",
vtbl_ptr,
is_set_handle_handle (*data_set_ptr) ?
ptr_from_set_handle_handle (*data_set_ptr) :
*data_set_ptr);
__vtv_log_verification_failure (log_msg, false);
const char *format_str =
"*** Unable to verify vtable pointer (%p) in set (%p) *** \n";
snprintf (log_msg, sizeof (log_msg), format_str, vtbl_ptr, *data_set_ptr);
__vtv_log_verification_failure (log_msg, false);
__vtv_log_verification_failure (" Backtrace: \n", true);
const char *fail_msg = "Potential vtable pointer corruption detected!!\n";
vtv_fail (fail_msg, data_set_ptr, vtbl_ptr);
}