1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <sys/mman.h> 18 19 #include "private/CFIShadow.h" 20 21 __attribute__((__weak__, visibility("default"))) extern "C" void __loader_cfi_fail( 22 uint64_t CallSiteTypeId, void* Ptr, void* DiagData, void* CallerPc); 23 24 // Base address of the CFI shadow. Passed down from the linker in __cfi_init() 25 // and does not change after that. The contents of the shadow change in 26 // dlopen/dlclose. 27 static struct { 28 uintptr_t v; 29 char padding[PAGE_SIZE - sizeof(v)]; 30 } shadow_base_storage alignas(PAGE_SIZE); 31 32 // __cfi_init is called by the loader as soon as the shadow is mapped. This may happen very early 33 // during startup, before libdl.so global constructors, and, on i386, even before __libc_sysinfo is 34 // initialized. This function should not do any system calls. 35 extern "C" uintptr_t* __cfi_init(uintptr_t shadow_base) { 36 shadow_base_storage.v = shadow_base; 37 static_assert(sizeof(shadow_base_storage) == PAGE_SIZE, ""); 38 return &shadow_base_storage.v; 39 } 40 41 // Returns the size of the CFI shadow mapping, or 0 if CFI is not (yet) used in this process. 42 extern "C" size_t __cfi_shadow_size() { 43 return shadow_base_storage.v != 0 ? CFIShadow::kShadowSize : 0; 44 } 45 46 static uint16_t shadow_load(void* p) { 47 uintptr_t addr = reinterpret_cast<uintptr_t>(p); 48 uintptr_t ofs = CFIShadow::MemToShadowOffset(addr); 49 if (ofs > CFIShadow::kShadowSize) return CFIShadow::kInvalidShadow; 50 return *reinterpret_cast<uint16_t*>(shadow_base_storage.v + ofs); 51 } 52 53 static uintptr_t cfi_check_addr(uint16_t v, void* Ptr) { 54 uintptr_t addr = reinterpret_cast<uintptr_t>(Ptr); 55 // The aligned range of [0, kShadowAlign) uses a single shadow element, therefore all pointers in 56 // this range must get the same aligned_addr below. This matches CFIShadowWriter::Add; not the 57 // same as align_up(). 58 uintptr_t aligned_addr = align_down(addr, CFIShadow::kShadowAlign) + CFIShadow::kShadowAlign; 59 uintptr_t p = aligned_addr - (static_cast<uintptr_t>(v - CFIShadow::kRegularShadowMin) 60 << CFIShadow::kCfiCheckGranularity); 61 #ifdef __arm__ 62 // Assume Thumb encoding. FIXME: force thumb at compile time? 63 p++; 64 #endif 65 return p; 66 } 67 68 static inline void cfi_slowpath_common(uint64_t CallSiteTypeId, void* Ptr, void* DiagData) { 69 uint16_t v = shadow_load(Ptr); 70 switch (v) { 71 case CFIShadow::kInvalidShadow: 72 __loader_cfi_fail(CallSiteTypeId, Ptr, DiagData, __builtin_return_address(0)); 73 break; 74 case CFIShadow::kUncheckedShadow: 75 break; 76 default: 77 reinterpret_cast<CFIShadow::CFICheckFn>(cfi_check_addr(v, Ptr))(CallSiteTypeId, Ptr, DiagData); 78 } 79 } 80 81 extern "C" void __cfi_slowpath(uint64_t CallSiteTypeId, void* Ptr) { 82 cfi_slowpath_common(CallSiteTypeId, Ptr, nullptr); 83 } 84 85 extern "C" void __cfi_slowpath_diag(uint64_t CallSiteTypeId, void* Ptr, void* DiagData) { 86 cfi_slowpath_common(CallSiteTypeId, Ptr, DiagData); 87 } 88