1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 /* 18 * Contributed by: Intel Corporation 19 */ 20 21 #include <gtest/gtest.h> 22 23 #include <pthread.h> 24 #include <stdint.h> 25 #include <stdio.h> 26 #include <sys/syscall.h> 27 #include <unistd.h> 28 #include <set> 29 30 #ifdef __GLIBC__ 31 32 // glibc doesn't expose gettid(2). 33 pid_t gettid() { return syscall(__NR_gettid); } 34 35 #endif 36 37 #ifdef __i386__ 38 39 // For x86, bionic and glibc have per-thread stack guard values (all identical). 40 41 static uint32_t GetGuardFromTls() { 42 uint32_t guard; 43 asm ("mov %%gs:0x14, %0": "=d" (guard)); 44 return guard; 45 } 46 47 struct stack_protector_checker { 48 std::set<pid_t> tids; 49 std::set<uint32_t> guards; 50 51 void Check() { 52 pid_t tid = gettid(); 53 uint32_t guard = GetGuardFromTls(); 54 55 printf("[thread %d] %%gs:0x14 = 0x%08x\n", tid, guard); 56 57 // Duplicate tid. gettid(2) bug? Seeing this would be very upsetting. 58 ASSERT_TRUE(tids.find(tid) == tids.end()); 59 60 // Uninitialized guard. Our bug. Note this is potentially flaky; we _could_ get 61 // four random zero bytes, but it should be vanishingly unlikely. 62 ASSERT_NE(guard, 0U); 63 64 tids.insert(tid); 65 guards.insert(guard); 66 } 67 }; 68 69 static void* ThreadGuardHelper(void* arg) { 70 stack_protector_checker* checker = reinterpret_cast<stack_protector_checker*>(arg); 71 checker->Check(); 72 return NULL; 73 } 74 75 TEST(stack_protector, same_guard_per_thread) { 76 stack_protector_checker checker; 77 size_t thread_count = 10; 78 for (size_t i = 0; i < thread_count; ++i) { 79 pthread_t t; 80 ASSERT_EQ(0, pthread_create(&t, NULL, ThreadGuardHelper, &checker)); 81 void* result; 82 ASSERT_EQ(0, pthread_join(t, &result)); 83 ASSERT_EQ(NULL, result); 84 } 85 ASSERT_EQ(thread_count, checker.tids.size()); 86 87 // bionic and glibc use the same guard for every thread. 88 ASSERT_EQ(1U, checker.guards.size()); 89 } 90 91 #endif 92 93 #if defined(__BIONIC__) || defined(__arm__) || defined(__mips__) 94 95 // For ARM and MIPS, glibc has a global stack check guard value. 96 97 // Bionic has the global for x86 too, to support binaries that can run on 98 // Android releases that didn't implement the TLS guard value. 99 100 extern "C" uintptr_t __stack_chk_guard; 101 102 TEST(stack_protector, global_guard) { 103 ASSERT_NE(0, gettid()); 104 ASSERT_NE(0U, __stack_chk_guard); 105 } 106 107 /* 108 * When this function returns, the stack canary will be inconsistent 109 * with the previous value, which will generate a call to __stack_chk_fail(), 110 * eventually resulting in a SIGABRT. 111 * 112 * This must be marked with "__attribute__ ((noinline))", to ensure the 113 * compiler generates the proper stack guards around this function. 114 */ 115 __attribute__ ((noinline)) 116 static void do_modify_stack_chk_guard() { 117 __stack_chk_guard = 0x12345678; 118 } 119 120 TEST(stack_protector_DeathTest, modify_stack_protector) { 121 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 122 ASSERT_EXIT(do_modify_stack_chk_guard(), testing::KilledBySignal(SIGABRT), ""); 123 } 124 125 #endif 126