| blob | f7bead67b54ebc08f99d07505374693f34624916 |
1 /* -----------------------------------------------------------------------
2 closures.c - Copyright (c) 2019 Anthony Green
3 Copyright (c) 2007, 2009, 2010 Red Hat, Inc.
4 Copyright (C) 2007, 2009, 2010 Free Software Foundation, Inc
5 Copyright (c) 2011 Plausible Labs Cooperative, Inc.
7 Code to allocate and deallocate memory for closures.
9 Permission is hereby granted, free of charge, to any person obtaining
10 a copy of this software and associated documentation files (the
11 ``Software''), to deal in the Software without restriction, including
12 without limitation the rights to use, copy, modify, merge, publish,
13 distribute, sublicense, and/or sell copies of the Software, and to
14 permit persons to whom the Software is furnished to do so, subject to
15 the following conditions:
17 The above copyright notice and this permission notice shall be included
18 in all copies or substantial portions of the Software.
20 THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
21 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
24 HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
25 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
27 DEALINGS IN THE SOFTWARE.
28 ----------------------------------------------------------------------- */
30 #if defined __linux__ && !defined _GNU_SOURCE
31 #define _GNU_SOURCE 1
32 #endif
34 #include <fficonfig.h>
35 #include <ffi.h>
36 #include <ffi_common.h>
37 #include <tramp.h>
39 #ifdef __NetBSD__
40 #include <sys/param.h>
41 #endif
43 #if __NetBSD_Version__ - 0 >= 799007200
44 /* NetBSD with PROT_MPROTECT */
45 #include <sys/mman.h>
47 #include <stddef.h>
48 #include <unistd.h>
49 #ifdef HAVE_SYS_MEMFD_H
50 #include <sys/memfd.h>
51 #endif
58 #define ADD_TO_POINTER(p, d) ((void *)((uintptr_t)(p) + (d)))
62 {
68 /* Expect that PAX mprotect is active and a separate code mapping is necessary. */
72 /* Obtain system page size. */
76 /* Round allocation size up to the next page, keeping in mind the size field and pointer to code map. */
79 /* Primary mapping is RW, but request permission to switch to PROT_EXEC later. */
85 /* Create secondary mapping and switch it to RX. */
90 }
95 }
97 /* Remember allocation size and location of the secondary mapping for ffi_closure_free. */
102 }
104 void
106 {
115 }
117 int
119 {
121 }
124 #if !FFI_MMAP_EXEC_WRIT && !FFI_EXEC_TRAMPOLINE_TABLE
125 # if __linux__ && !defined(__ANDROID__)
126 /* This macro indicates it may be forbidden to map anonymous memory
127 with both write and execute permission. Code compiled when this
128 option is defined will attempt to map such pages once, but if it
129 fails, it falls back to creating a temporary file in a writable and
130 executable filesystem and mapping pages from it into separate
131 locations in the virtual memory space, one location writable and
132 another executable. */
133 # define FFI_MMAP_EXEC_WRIT 1
134 # define HAVE_MNTENT 1
135 # endif
136 # if defined(_WIN32) || defined(__OS2__)
137 /* Windows systems may have Data Execution Protection (DEP) enabled,
138 which requires the use of VirtualMalloc/VirtualFree to alloc/free
139 executable memory. */
140 # define FFI_MMAP_EXEC_WRIT 1
141 # endif
142 #endif
144 #if FFI_MMAP_EXEC_WRIT && !defined FFI_MMAP_EXEC_SELINUX
145 # if defined(__linux__) && !defined(__ANDROID__)
146 /* When defined to 1 check for SELinux and if SELinux is active,
147 don't attempt PROT_EXEC|PROT_WRITE mapping at all, as that
148 might cause audit messages. */
149 # define FFI_MMAP_EXEC_SELINUX 1
150 # endif
151 #endif
153 #if FFI_CLOSURES
155 #if FFI_EXEC_TRAMPOLINE_TABLE
157 #ifdef __MACH__
159 #include <mach/mach.h>
160 #include <pthread.h>
161 #ifdef HAVE_PTRAUTH
162 #include <ptrauth.h>
163 #endif
164 #include <stdio.h>
165 #include <stdlib.h>
172 struct ffi_trampoline_table
173 {
174 /* contiguous writable and executable pages */
175 vm_address_t config_page;
177 /* free list tracking */
184 };
186 struct ffi_trampoline_table_entry
187 {
190 };
192 /* Total number of trampolines that fit in one trampoline table */
193 #define FFI_TRAMPOLINE_COUNT (PAGE_MAX_SIZE / FFI_TRAMPOLINE_SIZE)
200 {
202 vm_address_t config_page;
203 vm_address_t trampoline_page;
204 vm_address_t trampoline_page_template;
205 vm_prot_t cur_prot;
206 vm_prot_t max_prot;
207 kern_return_t kt;
210 /* Allocate two pages -- a config page and a placeholder page */
213 VM_FLAGS_ANYWHERE);
217 /* Remap the trampoline table on top of the placeholder page */
220 #ifdef HAVE_PTRAUTH
221 trampoline_page_template = (vm_address_t)(uintptr_t)ptrauth_auth_data((void *)&ffi_closure_trampoline_table_page, ptrauth_key_function_pointer, 0);
222 #else
224 #endif
226 #ifdef __arm__
227 /* ffi_closure_trampoline_table_page can be thumb-biased on some ARM archs */
229 #endif
234 {
237 }
239 /* We have valid trampoline and config pages */
244 /* Create and initialize the free list */
249 {
253 #ifdef HAVE_PTRAUTH
254 entry->trampoline = ptrauth_sign_unauthenticated(entry->trampoline, ptrauth_key_function_pointer, 0);
255 #endif
259 }
264 }
266 static void
268 {
269 /* Remove from the list */
276 /* Deallocate pages */
279 /* Deallocate free list */
282 }
286 {
287 /* Create the closure */
294 /* Check for an active trampoline table with available entries. */
297 {
300 {
304 }
306 /* Insert the new table at the top of the list */
312 }
314 /* Claim the free entry */
322 /* Initialize the return values */
328 }
330 void
332 {
337 /* Fetch the table and entry references */
341 /* Return the entry to the free list */
346 /* If all trampolines within this table are free, and at least one other table exists, deallocate
347 * the table */
350 {
352 }
354 {
355 /* Otherwise, bump this table to the top of the list */
362 }
366 /* Free the closure */
368 }
370 #endif
372 // Per-target implementation; It's unclear what can reasonable be shared between two OS/architecture implementations.
376 #define USE_LOCKS 1
377 #define USE_DL_PREFIX 1
378 #ifdef __GNUC__
379 #ifndef USE_BUILTIN_FFS
380 #define USE_BUILTIN_FFS 1
381 #endif
382 #endif
384 /* We need to use mmap, not sbrk. */
385 #define HAVE_MORECORE 0
387 /* We could, in theory, support mremap, but it wouldn't buy us anything. */
388 #define HAVE_MREMAP 0
390 /* We have no use for this, so save some code and data. */
391 #define NO_MALLINFO 1
393 /* We need all allocations to be in regular segments, otherwise we
394 lose track of the corresponding code address. */
395 #define DEFAULT_MMAP_THRESHOLD MAX_SIZE_T
397 /* Don't allocate more than a page unless needed. */
398 #define DEFAULT_GRANULARITY ((size_t)malloc_getpagesize)
400 #include <sys/types.h>
401 #include <sys/stat.h>
402 #include <fcntl.h>
403 #include <errno.h>
404 #ifndef _MSC_VER
405 #include <unistd.h>
406 #endif
407 #include <string.h>
408 #include <stdio.h>
409 #if !defined(_WIN32)
410 #ifdef HAVE_MNTENT
411 #include <mntent.h>
413 #include <sys/param.h>
414 #include <pthread.h>
416 /* We don't want sys/mman.h to be included after we redefine mmap and
417 dlmunmap. */
418 #include <sys/mman.h>
419 #define LACKS_SYS_MMAN_H 1
421 #if FFI_MMAP_EXEC_SELINUX
422 #include <sys/statfs.h>
423 #include <stdlib.h>
427 static int
429 {
442 {
450 {
454 }
455 }
459 }
461 #define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
462 : (selinux_enabled = selinux_enabled_check ()))
464 #else
466 #define is_selinux_enabled() 0
470 /* On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. */
471 #ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
472 #include <stdlib.h>
476 static int
478 {
490 {
495 }
499 }
501 #define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
502 : (emutramp_enabled = emutramp_enabled_check ()))
505 #elif defined (__CYGWIN__) || defined(__INTERIX)
507 #include <sys/mman.h>
509 /* Cygwin is Linux-like, but not quite that Linux-like. */
510 #define is_selinux_enabled() 0
514 #ifndef FFI_MMAP_EXEC_EMUTRAMP_PAX
515 #define is_emutramp_enabled() 0
518 /* Declare all functions defined in dlmalloc.c as static. */
535 #if !(defined(_WIN32) || defined(__OS2__)) || defined (__CYGWIN__) || defined(__INTERIX)
536 /* Use these for mmap and munmap within dlmalloc.c. */
539 #endif /* !(defined(_WIN32) || defined(__OS2__)) || defined (__CYGWIN__) || defined(__INTERIX) */
541 #define mmap dlmmap
542 #define munmap dlmunmap
546 #undef mmap
547 #undef munmap
549 #if !(defined(_WIN32) || defined(__OS2__)) || defined (__CYGWIN__) || defined(__INTERIX)
551 /* A mutex used to synchronize access to *exec* variables in this file. */
554 /* A file descriptor of a temporary file from which we'll map
555 executable pages. */
558 /* The amount of space already allocated from the temporary file. */
561 #ifdef HAVE_MEMFD_CREATE
562 /* Open a temporary file name, and immediately unlink it. */
563 static int
565 {
569 }
570 #endif
572 /* Open a temporary file name, and immediately unlink it. */
573 static int
575 {
578 #ifdef HAVE_MKOSTEMP
580 #else
582 #endif
588 }
590 /* Open a temporary file in the named directory. */
591 static int
593 {
597 #ifdef O_TMPFILE
599 #endif
601 #ifdef O_CLOEXEC
603 #else
605 #endif
607 #ifdef O_TMPFILE
609 /* If the running system does not support the O_TMPFILE flag then retry without it. */
614 }
615 #endif
627 }
629 /* Open a temporary file in the directory in the named environment
630 variable. */
631 static int
633 {
640 }
642 #ifdef HAVE_MNTENT
643 /* Open a temporary file in an executable and writable mount point
644 listed in the mounts file. Subsequent calls with the same mounts
645 keep searching for mount points in the same file. Providing NULL
646 as the mounts file closes the file. */
647 static int
649 {
654 {
662 else
664 }
670 {
687 }
688 }
691 /* Instructions to look for a location to hold a temporary file that
692 can be mapped in for execution. */
693 static struct
694 {
699 #ifdef HAVE_MEMFD_CREATE
701 #endif
708 #ifdef HAVE_MNTENT
712 };
714 /* Current index into open_temp_exec_file_opts. */
717 /* Reset a current multi-call func, then advances to the next entry.
718 If we're at the last, go back to the first and return nonzero,
719 otherwise return zero. */
720 static int
722 {
726 open_temp_exec_file_opts_idx++;
730 {
733 }
736 }
738 /* Return a file descriptor of a temporary zero-sized file in a
739 writable and executable filesystem. */
740 static int
742 {
745 do
746 {
752 {
755 }
756 }
760 }
762 /* We need to allocate space in a file that will be backing a writable
763 mapping. Several problems exist with the usual approaches:
764 - fallocate() is Linux-only
765 - posix_fallocate() is not available on all platforms
766 - ftruncate() does not allocate space on filesystems with sparse files
767 Failure to allocate the space will cause SIGBUS to be thrown when
768 the mapping is subsequently written to. */
769 static int
771 {
774 /* Obtain system page size. */
782 {
787 }
790 }
792 /* Map in a chunk of memory from the temporary exec file into separate
793 locations in the virtual memory address space, one writable and one
794 executable. Returns the address of the writable portion, after
795 storing an offset to the corresponding executable portion at the
796 last word of the requested chunk. */
799 {
803 {
805 retry_open:
809 }
822 {
824 {
827 }
829 {
830 /* Fixme : Error logs can be added here. Returning an error for
831 * ftruncte() will not add any advantage as it is being
832 * validating in the error case. */
833 }
836 }
844 {
847 {
848 /* Fixme : Error logs can be added here. Returning an error for
849 * ftruncte() will not add any advantage as it is being
850 * validating in the error case. */
851 }
853 }
860 }
862 /* Map in a writable and executable chunk of memory if possible.
863 Failing that, fall back to dlmmap_locked. */
867 {
876 {
879 }
882 {
885 }
888 {
892 /* Cool, no need to mess with separate segments. */
895 /* If MREMAP_DUP is ever introduced and implemented, try mmap
896 with ((prot & ~PROT_WRITE) | PROT_EXEC) and mremap with
897 MREMAP_DUP and prot at this point. */
898 }
901 {
907 }
910 }
912 /* Release memory at the given address, as well as the corresponding
913 executable page if it's separate. */
914 static int
916 {
917 /* We don't bother decreasing execsize or truncating the file, since
918 we can't quite tell whether we're unmapping the end of the file.
919 We don't expect frequent deallocation anyway. If we did, we
920 could locate pages in the file by writing to the pages being
921 deallocated and checking that the file contents change.
922 Yuck. */
927 {
931 }
934 }
936 #if FFI_CLOSURE_FREE_CODE
937 /* Return segment holding given code address. */
938 static msegmentptr
940 {
948 }
949 }
950 #endif
952 #endif /* !(defined(_WIN32) || defined(__OS2__)) || defined (__CYGWIN__) || defined(__INTERIX) */
954 /* Allocate a chunk of memory with the given size. Returns a pointer
955 to the writable address, and sets *CODE to the executable
956 corresponding virtual address. */
959 {
968 {
977 {
980 }
983 }
986 }
990 {
992 /* We expect closures to be allocated with ffi_closure_alloc(), in
993 which case seg will be non-NULL. However, some users take on the
994 burden of managing this memory themselves, in which case this
995 we'll just return data. */
997 {
1001 }
1002 else
1004 }
1006 /* Release a chunk of memory allocated with ffi_closure_alloc. If
1007 FFI_CLOSURE_FREE_CODE is nonzero, the given address can be the
1008 writable or the executable address given. Otherwise, only the
1009 writable address can be provided here. */
1010 void
1012 {
1013 #if FFI_CLOSURE_FREE_CODE
1018 #endif
1023 }
1025 int
1027 {
1030 }
1034 /* On many systems, memory returned by malloc is writable and
1035 executable, so just use it. */
1037 #include <stdlib.h>
1041 {
1046 }
1048 void
1050 {
1052 }
1056 {
1058 }
1060 int
1062 {
1064 }