Go to most recent revision | Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
145 | halyavin | 1 | /* |
2 | * Tiny C Memory and bounds checker |
||
3 | * |
||
4 | * Copyright (c) 2002 Fabrice Bellard |
||
5 | * |
||
6 | * This program is free software; you can redistribute it and/or modify |
||
7 | * it under the terms of the GNU General Public License as published by |
||
8 | * the Free Software Foundation; either version 2 of the License, or |
||
9 | * (at your option) any later version. |
||
10 | * |
||
11 | * This program is distributed in the hope that it will be useful, |
||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
14 | * GNU General Public License for more details. |
||
15 | * |
||
16 | * You should have received a copy of the GNU General Public License |
||
17 | * along with this program; if not, write to the Free Software |
||
18 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
||
19 | */ |
||
20 | #include |
||
21 | #include |
||
22 | #include |
||
23 | #include |
||
24 | #ifndef __FreeBSD__ |
||
25 | #include |
||
26 | #endif |
||
27 | |||
28 | //#define BOUND_DEBUG |
||
29 | |||
30 | /* define so that bound array is static (faster, but use memory if |
||
31 | bound checking not used) */ |
||
32 | //#define BOUND_STATIC |
||
33 | |||
34 | /* use malloc hooks. Currently the code cannot be reliable if no hooks */ |
||
35 | #define CONFIG_TCC_MALLOC_HOOKS |
||
36 | |||
37 | #define HAVE_MEMALIGN |
||
38 | |||
39 | #if defined(__FreeBSD__) || defined(__dietlibc__) |
||
40 | #warning Bound checking not fully supported on FreeBSD |
||
41 | #undef CONFIG_TCC_MALLOC_HOOKS |
||
42 | #undef HAVE_MEMALIGN |
||
43 | #endif |
||
44 | |||
45 | #define BOUND_T1_BITS 13 |
||
46 | #define BOUND_T2_BITS 11 |
||
47 | #define BOUND_T3_BITS (32 - BOUND_T1_BITS - BOUND_T2_BITS) |
||
48 | |||
49 | #define BOUND_T1_SIZE (1 << BOUND_T1_BITS) |
||
50 | #define BOUND_T2_SIZE (1 << BOUND_T2_BITS) |
||
51 | #define BOUND_T3_SIZE (1 << BOUND_T3_BITS) |
||
52 | #define BOUND_E_BITS 4 |
||
53 | |||
54 | #define BOUND_T23_BITS (BOUND_T2_BITS + BOUND_T3_BITS) |
||
55 | #define BOUND_T23_SIZE (1 << BOUND_T23_BITS) |
||
56 | |||
57 | |||
58 | /* this pointer is generated when bound check is incorrect */ |
||
59 | #define INVALID_POINTER ((void *)(-2)) |
||
60 | /* size of an empty region */ |
||
61 | #define EMPTY_SIZE 0xffffffff |
||
62 | /* size of an invalid region */ |
||
63 | #define INVALID_SIZE 0 |
||
64 | |||
65 | typedef struct BoundEntry { |
||
66 | unsigned long start; |
||
67 | unsigned long size; |
||
68 | struct BoundEntry *next; |
||
69 | unsigned long is_invalid; /* true if pointers outside region are invalid */ |
||
70 | } BoundEntry; |
||
71 | |||
72 | /* external interface */ |
||
73 | void __bound_init(void); |
||
74 | void __bound_new_region(void *p, unsigned long size); |
||
75 | int __bound_delete_region(void *p); |
||
76 | |||
77 | #define FASTCALL __attribute__((regparm(3))) |
||
78 | |||
79 | void *__bound_malloc(size_t size, const void *caller); |
||
80 | void *__bound_memalign(size_t size, size_t align, const void *caller); |
||
81 | void __bound_free(void *ptr, const void *caller); |
||
82 | void *__bound_realloc(void *ptr, size_t size, const void *caller); |
||
83 | static void *libc_malloc(size_t size); |
||
84 | static void libc_free(void *ptr); |
||
85 | static void install_malloc_hooks(void); |
||
86 | static void restore_malloc_hooks(void); |
||
87 | |||
88 | #ifdef CONFIG_TCC_MALLOC_HOOKS |
||
89 | static void *saved_malloc_hook; |
||
90 | static void *saved_free_hook; |
||
91 | static void *saved_realloc_hook; |
||
92 | static void *saved_memalign_hook; |
||
93 | #endif |
||
94 | |||
95 | /* linker definitions */ |
||
96 | extern char _end; |
||
97 | |||
98 | /* TCC definitions */ |
||
99 | extern char __bounds_start; /* start of static bounds table */ |
||
100 | /* error message, just for TCC */ |
||
101 | const char *__bound_error_msg; |
||
102 | |||
103 | /* runtime error output */ |
||
104 | extern void rt_error(unsigned long pc, const char *fmt, ...); |
||
105 | |||
106 | #ifdef BOUND_STATIC |
||
107 | static BoundEntry *__bound_t1[BOUND_T1_SIZE]; /* page table */ |
||
108 | #else |
||
109 | static BoundEntry **__bound_t1; /* page table */ |
||
110 | #endif |
||
111 | static BoundEntry *__bound_empty_t2; /* empty page, for unused pages */ |
||
112 | static BoundEntry *__bound_invalid_t2; /* invalid page, for invalid pointers */ |
||
113 | |||
114 | static BoundEntry *__bound_find_region(BoundEntry *e1, void *p) |
||
115 | { |
||
116 | unsigned long addr, tmp; |
||
117 | BoundEntry *e; |
||
118 | |||
119 | e = e1; |
||
120 | while (e != NULL) { |
||
121 | addr = (unsigned long)p; |
||
122 | addr -= e->start; |
||
123 | if (addr <= e->size) { |
||
124 | /* put region at the head */ |
||
125 | tmp = e1->start; |
||
126 | e1->start = e->start; |
||
127 | e->start = tmp; |
||
128 | tmp = e1->size; |
||
129 | e1->size = e->size; |
||
130 | e->size = tmp; |
||
131 | return e1; |
||
132 | } |
||
133 | e = e->next; |
||
134 | } |
||
135 | /* no entry found: return empty entry or invalid entry */ |
||
136 | if (e1->is_invalid) |
||
137 | return __bound_invalid_t2; |
||
138 | else |
||
139 | return __bound_empty_t2; |
||
140 | } |
||
141 | |||
142 | /* print a bound error message */ |
||
143 | static void bound_error(const char *fmt, ...) |
||
144 | { |
||
145 | __bound_error_msg = fmt; |
||
146 | *(int *)0 = 0; /* force a runtime error */ |
||
147 | } |
||
148 | |||
149 | static void bound_alloc_error(void) |
||
150 | { |
||
151 | bound_error("not enough memory for bound checking code"); |
||
152 | } |
||
153 | |||
154 | /* currently, tcc cannot compile that because we use GNUC extensions */ |
||
155 | #if !defined(__TINYC__) |
||
156 | |||
157 | /* return '(p + offset)' for pointer arithmetic (a pointer can reach |
||
158 | the end of a region in this case */ |
||
159 | void * FASTCALL __bound_ptr_add(void *p, int offset) |
||
160 | { |
||
161 | unsigned long addr = (unsigned long)p; |
||
162 | BoundEntry *e; |
||
163 | #if defined(BOUND_DEBUG) |
||
164 | printf("add: 0x%x %d\n", (int)p, offset); |
||
165 | #endif |
||
166 | |||
167 | e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)]; |
||
168 | e = (BoundEntry *)((char *)e + |
||
169 | ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
170 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS))); |
||
171 | addr -= e->start; |
||
172 | if (addr > e->size) { |
||
173 | e = __bound_find_region(e, p); |
||
174 | addr = (unsigned long)p - e->start; |
||
175 | } |
||
176 | addr += offset; |
||
177 | if (addr > e->size) |
||
178 | return INVALID_POINTER; /* return an invalid pointer */ |
||
179 | return p + offset; |
||
180 | } |
||
181 | |||
182 | /* return '(p + offset)' for pointer indirection (the resulting must |
||
183 | be strictly inside the region */ |
||
184 | #define BOUND_PTR_INDIR(dsize) \ |
||
185 | void * FASTCALL __bound_ptr_indir ## dsize (void *p, int offset) \ |
||
186 | { \ |
||
187 | unsigned long addr = (unsigned long)p; \ |
||
188 | BoundEntry *e; \ |
||
189 | \ |
||
190 | e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)]; \ |
||
191 | e = (BoundEntry *)((char *)e + \ |
||
192 | ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & \ |
||
193 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS))); \ |
||
194 | addr -= e->start; \ |
||
195 | if (addr > e->size) { \ |
||
196 | e = __bound_find_region(e, p); \ |
||
197 | addr = (unsigned long)p - e->start; \ |
||
198 | } \ |
||
199 | addr += offset + dsize; \ |
||
200 | if (addr > e->size) \ |
||
201 | return INVALID_POINTER; /* return an invalid pointer */ \ |
||
202 | return p + offset; \ |
||
203 | } |
||
204 | |||
205 | #ifdef __i386__ |
||
206 | /* return the frame pointer of the caller */ |
||
207 | #define GET_CALLER_FP(fp)\ |
||
208 | {\ |
||
209 | unsigned long *fp1;\ |
||
210 | __asm__ __volatile__ ("movl %%ebp,%0" :"=g" (fp1));\ |
||
211 | fp = fp1[0];\ |
||
212 | } |
||
213 | #else |
||
214 | #error put code to extract the calling frame pointer |
||
215 | #endif |
||
216 | |||
217 | /* called when entering a function to add all the local regions */ |
||
218 | void FASTCALL __bound_local_new(void *p1) |
||
219 | { |
||
220 | unsigned long addr, size, fp, *p = p1; |
||
221 | GET_CALLER_FP(fp); |
||
222 | for(;;) { |
||
223 | addr = p[0]; |
||
224 | if (addr == 0) |
||
225 | break; |
||
226 | addr += fp; |
||
227 | size = p[1]; |
||
228 | p += 2; |
||
229 | __bound_new_region((void *)addr, size); |
||
230 | } |
||
231 | } |
||
232 | |||
233 | /* called when leaving a function to delete all the local regions */ |
||
234 | void FASTCALL __bound_local_delete(void *p1) |
||
235 | { |
||
236 | unsigned long addr, fp, *p = p1; |
||
237 | GET_CALLER_FP(fp); |
||
238 | for(;;) { |
||
239 | addr = p[0]; |
||
240 | if (addr == 0) |
||
241 | break; |
||
242 | addr += fp; |
||
243 | p += 2; |
||
244 | __bound_delete_region((void *)addr); |
||
245 | } |
||
246 | } |
||
247 | |||
248 | #else |
||
249 | |||
250 | void __bound_local_new(void *p) |
||
251 | { |
||
252 | } |
||
253 | void __bound_local_delete(void *p) |
||
254 | { |
||
255 | } |
||
256 | |||
257 | void *__bound_ptr_add(void *p, int offset) |
||
258 | { |
||
259 | return p + offset; |
||
260 | } |
||
261 | |||
262 | #define BOUND_PTR_INDIR(dsize) \ |
||
263 | void *__bound_ptr_indir ## dsize (void *p, int offset) \ |
||
264 | { \ |
||
265 | return p + offset; \ |
||
266 | } |
||
267 | #endif |
||
268 | |||
269 | BOUND_PTR_INDIR(1) |
||
270 | BOUND_PTR_INDIR(2) |
||
271 | BOUND_PTR_INDIR(4) |
||
272 | BOUND_PTR_INDIR(8) |
||
273 | BOUND_PTR_INDIR(12) |
||
274 | BOUND_PTR_INDIR(16) |
||
275 | |||
276 | static BoundEntry *__bound_new_page(void) |
||
277 | { |
||
278 | BoundEntry *page; |
||
279 | int i; |
||
280 | |||
281 | page = libc_malloc(sizeof(BoundEntry) * BOUND_T2_SIZE); |
||
282 | if (!page) |
||
283 | bound_alloc_error(); |
||
284 | for(i=0;i |
||
285 | /* put empty entries */ |
||
286 | page[i].start = 0; |
||
287 | page[i].size = EMPTY_SIZE; |
||
288 | page[i].next = NULL; |
||
289 | page[i].is_invalid = 0; |
||
290 | } |
||
291 | return page; |
||
292 | } |
||
293 | |||
294 | /* currently we use malloc(). Should use bound_new_page() */ |
||
295 | static BoundEntry *bound_new_entry(void) |
||
296 | { |
||
297 | BoundEntry *e; |
||
298 | e = libc_malloc(sizeof(BoundEntry)); |
||
299 | return e; |
||
300 | } |
||
301 | |||
302 | static void bound_free_entry(BoundEntry *e) |
||
303 | { |
||
304 | libc_free(e); |
||
305 | } |
||
306 | |||
307 | static inline BoundEntry *get_page(int index) |
||
308 | { |
||
309 | BoundEntry *page; |
||
310 | page = __bound_t1[index]; |
||
311 | if (page == __bound_empty_t2 || page == __bound_invalid_t2) { |
||
312 | /* create a new page if necessary */ |
||
313 | page = __bound_new_page(); |
||
314 | __bound_t1[index] = page; |
||
315 | } |
||
316 | return page; |
||
317 | } |
||
318 | |||
319 | /* mark a region as being invalid (can only be used during init) */ |
||
320 | static void mark_invalid(unsigned long addr, unsigned long size) |
||
321 | { |
||
322 | unsigned long start, end; |
||
323 | BoundEntry *page; |
||
324 | int t1_start, t1_end, i, j, t2_start, t2_end; |
||
325 | |||
326 | start = addr; |
||
327 | end = addr + size; |
||
328 | |||
329 | t2_start = (start + BOUND_T3_SIZE - 1) >> BOUND_T3_BITS; |
||
330 | if (end != 0) |
||
331 | t2_end = end >> BOUND_T3_BITS; |
||
332 | else |
||
333 | t2_end = 1 << (BOUND_T1_BITS + BOUND_T2_BITS); |
||
334 | |||
335 | #if 0 |
||
336 | printf("mark_invalid: start = %x %x\n", t2_start, t2_end); |
||
337 | #endif |
||
338 | |||
339 | /* first we handle full pages */ |
||
340 | t1_start = (t2_start + BOUND_T2_SIZE - 1) >> BOUND_T2_BITS; |
||
341 | t1_end = t2_end >> BOUND_T2_BITS; |
||
342 | |||
343 | i = t2_start & (BOUND_T2_SIZE - 1); |
||
344 | j = t2_end & (BOUND_T2_SIZE - 1); |
||
345 | |||
346 | if (t1_start == t1_end) { |
||
347 | page = get_page(t2_start >> BOUND_T2_BITS); |
||
348 | for(; i < j; i++) { |
||
349 | page[i].size = INVALID_SIZE; |
||
350 | page[i].is_invalid = 1; |
||
351 | } |
||
352 | } else { |
||
353 | if (i > 0) { |
||
354 | page = get_page(t2_start >> BOUND_T2_BITS); |
||
355 | for(; i < BOUND_T2_SIZE; i++) { |
||
356 | page[i].size = INVALID_SIZE; |
||
357 | page[i].is_invalid = 1; |
||
358 | } |
||
359 | } |
||
360 | for(i = t1_start; i < t1_end; i++) { |
||
361 | __bound_t1[i] = __bound_invalid_t2; |
||
362 | } |
||
363 | if (j != 0) { |
||
364 | page = get_page(t1_end); |
||
365 | for(i = 0; i < j; i++) { |
||
366 | page[i].size = INVALID_SIZE; |
||
367 | page[i].is_invalid = 1; |
||
368 | } |
||
369 | } |
||
370 | } |
||
371 | } |
||
372 | |||
373 | void __bound_init(void) |
||
374 | { |
||
375 | int i; |
||
376 | BoundEntry *page; |
||
377 | unsigned long start, size; |
||
378 | int *p; |
||
379 | |||
380 | /* save malloc hooks and install bound check hooks */ |
||
381 | install_malloc_hooks(); |
||
382 | |||
383 | #ifndef BOUND_STATIC |
||
384 | __bound_t1 = libc_malloc(BOUND_T1_SIZE * sizeof(BoundEntry *)); |
||
385 | if (!__bound_t1) |
||
386 | bound_alloc_error(); |
||
387 | #endif |
||
388 | __bound_empty_t2 = __bound_new_page(); |
||
389 | for(i=0;i |
||
390 | __bound_t1[i] = __bound_empty_t2; |
||
391 | } |
||
392 | |||
393 | page = __bound_new_page(); |
||
394 | for(i=0;i |
||
395 | /* put invalid entries */ |
||
396 | page[i].start = 0; |
||
397 | page[i].size = INVALID_SIZE; |
||
398 | page[i].next = NULL; |
||
399 | page[i].is_invalid = 1; |
||
400 | } |
||
401 | __bound_invalid_t2 = page; |
||
402 | |||
403 | /* invalid pointer zone */ |
||
404 | start = (unsigned long)INVALID_POINTER & ~(BOUND_T23_SIZE - 1); |
||
405 | size = BOUND_T23_SIZE; |
||
406 | mark_invalid(start, size); |
||
407 | |||
408 | #if !defined(__TINYC__) && defined(CONFIG_TCC_MALLOC_HOOKS) |
||
409 | /* malloc zone is also marked invalid. can only use that with |
||
410 | hooks because all libs should use the same malloc. The solution |
||
411 | would be to build a new malloc for tcc. */ |
||
412 | start = (unsigned long)&_end; |
||
413 | size = 128 * 0x100000; |
||
414 | mark_invalid(start, size); |
||
415 | #endif |
||
416 | |||
417 | /* add all static bound check values */ |
||
418 | p = (int *)&__bounds_start; |
||
419 | while (p[0] != 0) { |
||
420 | __bound_new_region((void *)p[0], p[1]); |
||
421 | p += 2; |
||
422 | } |
||
423 | } |
||
424 | |||
425 | static inline void add_region(BoundEntry *e, |
||
426 | unsigned long start, unsigned long size) |
||
427 | { |
||
428 | BoundEntry *e1; |
||
429 | if (e->start == 0) { |
||
430 | /* no region : add it */ |
||
431 | e->start = start; |
||
432 | e->size = size; |
||
433 | } else { |
||
434 | /* already regions in the list: add it at the head */ |
||
435 | e1 = bound_new_entry(); |
||
436 | e1->start = e->start; |
||
437 | e1->size = e->size; |
||
438 | e1->next = e->next; |
||
439 | e->start = start; |
||
440 | e->size = size; |
||
441 | e->next = e1; |
||
442 | } |
||
443 | } |
||
444 | |||
445 | /* create a new region. It should not already exist in the region list */ |
||
446 | void __bound_new_region(void *p, unsigned long size) |
||
447 | { |
||
448 | unsigned long start, end; |
||
449 | BoundEntry *page, *e, *e2; |
||
450 | int t1_start, t1_end, i, t2_start, t2_end; |
||
451 | |||
452 | start = (unsigned long)p; |
||
453 | end = start + size; |
||
454 | t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS); |
||
455 | t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS); |
||
456 | |||
457 | /* start */ |
||
458 | page = get_page(t1_start); |
||
459 | t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
460 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS); |
||
461 | t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
462 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS); |
||
463 | #ifdef BOUND_DEBUG |
||
464 | printf("new %lx %lx %x %x %x %x\n", |
||
465 | start, end, t1_start, t1_end, t2_start, t2_end); |
||
466 | #endif |
||
467 | |||
468 | e = (BoundEntry *)((char *)page + t2_start); |
||
469 | add_region(e, start, size); |
||
470 | |||
471 | if (t1_end == t1_start) { |
||
472 | /* same ending page */ |
||
473 | e2 = (BoundEntry *)((char *)page + t2_end); |
||
474 | if (e2 > e) { |
||
475 | e++; |
||
476 | for(;e |
||
477 | e->start = start; |
||
478 | e->size = size; |
||
479 | } |
||
480 | add_region(e, start, size); |
||
481 | } |
||
482 | } else { |
||
483 | /* mark until end of page */ |
||
484 | e2 = page + BOUND_T2_SIZE; |
||
485 | e++; |
||
486 | for(;e |
||
487 | e->start = start; |
||
488 | e->size = size; |
||
489 | } |
||
490 | /* mark intermediate pages, if any */ |
||
491 | for(i=t1_start+1;i |
||
492 | page = get_page(i); |
||
493 | e2 = page + BOUND_T2_SIZE; |
||
494 | for(e=page;e |
||
495 | e->start = start; |
||
496 | e->size = size; |
||
497 | } |
||
498 | } |
||
499 | /* last page */ |
||
500 | page = get_page(t1_end); |
||
501 | e2 = (BoundEntry *)((char *)page + t2_end); |
||
502 | for(e=page;e |
||
503 | e->start = start; |
||
504 | e->size = size; |
||
505 | } |
||
506 | add_region(e, start, size); |
||
507 | } |
||
508 | } |
||
509 | |||
510 | /* delete a region */ |
||
511 | static inline void delete_region(BoundEntry *e, |
||
512 | void *p, unsigned long empty_size) |
||
513 | { |
||
514 | unsigned long addr; |
||
515 | BoundEntry *e1; |
||
516 | |||
517 | addr = (unsigned long)p; |
||
518 | addr -= e->start; |
||
519 | if (addr <= e->size) { |
||
520 | /* region found is first one */ |
||
521 | e1 = e->next; |
||
522 | if (e1 == NULL) { |
||
523 | /* no more region: mark it empty */ |
||
524 | e->start = 0; |
||
525 | e->size = empty_size; |
||
526 | } else { |
||
527 | /* copy next region in head */ |
||
528 | e->start = e1->start; |
||
529 | e->size = e1->size; |
||
530 | e->next = e1->next; |
||
531 | bound_free_entry(e1); |
||
532 | } |
||
533 | } else { |
||
534 | /* find the matching region */ |
||
535 | for(;;) { |
||
536 | e1 = e; |
||
537 | e = e->next; |
||
538 | /* region not found: do nothing */ |
||
539 | if (e == NULL) |
||
540 | break; |
||
541 | addr = (unsigned long)p - e->start; |
||
542 | if (addr <= e->size) { |
||
543 | /* found: remove entry */ |
||
544 | e1->next = e->next; |
||
545 | bound_free_entry(e); |
||
546 | break; |
||
547 | } |
||
548 | } |
||
549 | } |
||
550 | } |
||
551 | |||
552 | /* WARNING: 'p' must be the starting point of the region. */ |
||
553 | /* return non zero if error */ |
||
554 | int __bound_delete_region(void *p) |
||
555 | { |
||
556 | unsigned long start, end, addr, size, empty_size; |
||
557 | BoundEntry *page, *e, *e2; |
||
558 | int t1_start, t1_end, t2_start, t2_end, i; |
||
559 | |||
560 | start = (unsigned long)p; |
||
561 | t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS); |
||
562 | t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
563 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS); |
||
564 | |||
565 | /* find region size */ |
||
566 | page = __bound_t1[t1_start]; |
||
567 | e = (BoundEntry *)((char *)page + t2_start); |
||
568 | addr = start - e->start; |
||
569 | if (addr > e->size) |
||
570 | e = __bound_find_region(e, p); |
||
571 | /* test if invalid region */ |
||
572 | if (e->size == EMPTY_SIZE || (unsigned long)p != e->start) |
||
573 | return -1; |
||
574 | /* compute the size we put in invalid regions */ |
||
575 | if (e->is_invalid) |
||
576 | empty_size = INVALID_SIZE; |
||
577 | else |
||
578 | empty_size = EMPTY_SIZE; |
||
579 | size = e->size; |
||
580 | end = start + size; |
||
581 | |||
582 | /* now we can free each entry */ |
||
583 | t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS); |
||
584 | t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
585 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS); |
||
586 | |||
587 | delete_region(e, p, empty_size); |
||
588 | if (t1_end == t1_start) { |
||
589 | /* same ending page */ |
||
590 | e2 = (BoundEntry *)((char *)page + t2_end); |
||
591 | if (e2 > e) { |
||
592 | e++; |
||
593 | for(;e |
||
594 | e->start = 0; |
||
595 | e->size = empty_size; |
||
596 | } |
||
597 | delete_region(e, p, empty_size); |
||
598 | } |
||
599 | } else { |
||
600 | /* mark until end of page */ |
||
601 | e2 = page + BOUND_T2_SIZE; |
||
602 | e++; |
||
603 | for(;e |
||
604 | e->start = 0; |
||
605 | e->size = empty_size; |
||
606 | } |
||
607 | /* mark intermediate pages, if any */ |
||
608 | /* XXX: should free them */ |
||
609 | for(i=t1_start+1;i |
||
610 | page = get_page(i); |
||
611 | e2 = page + BOUND_T2_SIZE; |
||
612 | for(e=page;e |
||
613 | e->start = 0; |
||
614 | e->size = empty_size; |
||
615 | } |
||
616 | } |
||
617 | /* last page */ |
||
618 | page = get_page(t2_end); |
||
619 | e2 = (BoundEntry *)((char *)page + t2_end); |
||
620 | for(e=page;e |
||
621 | e->start = 0; |
||
622 | e->size = empty_size; |
||
623 | } |
||
624 | delete_region(e, p, empty_size); |
||
625 | } |
||
626 | return 0; |
||
627 | } |
||
628 | |||
629 | /* return the size of the region starting at p, or EMPTY_SIZE if non |
||
630 | existant region. */ |
||
631 | static unsigned long get_region_size(void *p) |
||
632 | { |
||
633 | unsigned long addr = (unsigned long)p; |
||
634 | BoundEntry *e; |
||
635 | |||
636 | e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)]; |
||
637 | e = (BoundEntry *)((char *)e + |
||
638 | ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & |
||
639 | ((BOUND_T2_SIZE - 1) << BOUND_E_BITS))); |
||
640 | addr -= e->start; |
||
641 | if (addr > e->size) |
||
642 | e = __bound_find_region(e, p); |
||
643 | if (e->start != (unsigned long)p) |
||
644 | return EMPTY_SIZE; |
||
645 | return e->size; |
||
646 | } |
||
647 | |||
648 | /* patched memory functions */ |
||
649 | |||
650 | static void install_malloc_hooks(void) |
||
651 | { |
||
652 | #ifdef CONFIG_TCC_MALLOC_HOOKS |
||
653 | saved_malloc_hook = __malloc_hook; |
||
654 | saved_free_hook = __free_hook; |
||
655 | saved_realloc_hook = __realloc_hook; |
||
656 | saved_memalign_hook = __memalign_hook; |
||
657 | __malloc_hook = __bound_malloc; |
||
658 | __free_hook = __bound_free; |
||
659 | __realloc_hook = __bound_realloc; |
||
660 | __memalign_hook = __bound_memalign; |
||
661 | #endif |
||
662 | } |
||
663 | |||
664 | static void restore_malloc_hooks(void) |
||
665 | { |
||
666 | #ifdef CONFIG_TCC_MALLOC_HOOKS |
||
667 | __malloc_hook = saved_malloc_hook; |
||
668 | __free_hook = saved_free_hook; |
||
669 | __realloc_hook = saved_realloc_hook; |
||
670 | __memalign_hook = saved_memalign_hook; |
||
671 | #endif |
||
672 | } |
||
673 | |||
674 | static void *libc_malloc(size_t size) |
||
675 | { |
||
676 | void *ptr; |
||
677 | restore_malloc_hooks(); |
||
678 | ptr = malloc(size); |
||
679 | install_malloc_hooks(); |
||
680 | return ptr; |
||
681 | } |
||
682 | |||
683 | static void libc_free(void *ptr) |
||
684 | { |
||
685 | restore_malloc_hooks(); |
||
686 | free(ptr); |
||
687 | install_malloc_hooks(); |
||
688 | } |
||
689 | |||
690 | /* XXX: we should use a malloc which ensure that it is unlikely that |
||
691 | two malloc'ed data have the same address if 'free' are made in |
||
692 | between. */ |
||
693 | void *__bound_malloc(size_t size, const void *caller) |
||
694 | { |
||
695 | void *ptr; |
||
696 | |||
697 | /* we allocate one more byte to ensure the regions will be |
||
698 | separated by at least one byte. With the glibc malloc, it may |
||
699 | be in fact not necessary */ |
||
700 | ptr = libc_malloc(size + 1); |
||
701 | |||
702 | if (!ptr) |
||
703 | return NULL; |
||
704 | __bound_new_region(ptr, size); |
||
705 | return ptr; |
||
706 | } |
||
707 | |||
708 | void *__bound_memalign(size_t size, size_t align, const void *caller) |
||
709 | { |
||
710 | void *ptr; |
||
711 | |||
712 | restore_malloc_hooks(); |
||
713 | |||
714 | #ifndef HAVE_MEMALIGN |
||
715 | if (align > 4) { |
||
716 | /* XXX: handle it ? */ |
||
717 | ptr = NULL; |
||
718 | } else { |
||
719 | /* we suppose that malloc aligns to at least four bytes */ |
||
720 | ptr = malloc(size + 1); |
||
721 | } |
||
722 | #else |
||
723 | /* we allocate one more byte to ensure the regions will be |
||
724 | separated by at least one byte. With the glibc malloc, it may |
||
725 | be in fact not necessary */ |
||
726 | ptr = memalign(size + 1, align); |
||
727 | #endif |
||
728 | |||
729 | install_malloc_hooks(); |
||
730 | |||
731 | if (!ptr) |
||
732 | return NULL; |
||
733 | __bound_new_region(ptr, size); |
||
734 | return ptr; |
||
735 | } |
||
736 | |||
737 | void __bound_free(void *ptr, const void *caller) |
||
738 | { |
||
739 | if (ptr == NULL) |
||
740 | return; |
||
741 | if (__bound_delete_region(ptr) != 0) |
||
742 | bound_error("freeing invalid region"); |
||
743 | |||
744 | libc_free(ptr); |
||
745 | } |
||
746 | |||
747 | void *__bound_realloc(void *ptr, size_t size, const void *caller) |
||
748 | { |
||
749 | void *ptr1; |
||
750 | int old_size; |
||
751 | |||
752 | if (size == 0) { |
||
753 | __bound_free(ptr, caller); |
||
754 | return NULL; |
||
755 | } else { |
||
756 | ptr1 = __bound_malloc(size, caller); |
||
757 | if (ptr == NULL || ptr1 == NULL) |
||
758 | return ptr1; |
||
759 | old_size = get_region_size(ptr); |
||
760 | if (old_size == EMPTY_SIZE) |
||
761 | bound_error("realloc'ing invalid pointer"); |
||
762 | memcpy(ptr1, ptr, old_size); |
||
763 | __bound_free(ptr, caller); |
||
764 | return ptr1; |
||
765 | } |
||
766 | } |
||
767 | |||
768 | #ifndef CONFIG_TCC_MALLOC_HOOKS |
||
769 | void *__bound_calloc(size_t nmemb, size_t size) |
||
770 | { |
||
771 | void *ptr; |
||
772 | size = size * nmemb; |
||
773 | ptr = __bound_malloc(size, NULL); |
||
774 | if (!ptr) |
||
775 | return NULL; |
||
776 | memset(ptr, 0, size); |
||
777 | return ptr; |
||
778 | } |
||
779 | #endif |
||
780 | |||
781 | #if 0 |
||
782 | static void bound_dump(void) |
||
783 | { |
||
784 | BoundEntry *page, *e; |
||
785 | int i, j; |
||
786 | |||
787 | printf("region dump:\n"); |
||
788 | for(i=0;i |
||
789 | page = __bound_t1[i]; |
||
790 | for(j=0;j |
||
791 | e = page + j; |
||
792 | /* do not print invalid or empty entries */ |
||
793 | if (e->size != EMPTY_SIZE && e->start != 0) { |
||
794 | printf("%08x:", |
||
795 | (i << (BOUND_T2_BITS + BOUND_T3_BITS)) + |
||
796 | (j << BOUND_T3_BITS)); |
||
797 | do { |
||
798 | printf(" %08lx:%08lx", e->start, e->start + e->size); |
||
799 | e = e->next; |
||
800 | } while (e != NULL); |
||
801 | printf("\n"); |
||
802 | } |
||
803 | } |
||
804 | } |
||
805 | } |
||
806 | #endif |
||
807 | |||
808 | /* some useful checked functions */ |
||
809 | |||
810 | /* check that (p ... p + size - 1) lies inside 'p' region, if any */ |
||
811 | static void __bound_check(const void *p, size_t size) |
||
812 | { |
||
813 | if (size == 0) |
||
814 | return; |
||
815 | p = __bound_ptr_add((void *)p, size); |
||
816 | if (p == INVALID_POINTER) |
||
817 | bound_error("invalid pointer"); |
||
818 | } |
||
819 | |||
820 | void *__bound_memcpy(void *dst, const void *src, size_t size) |
||
821 | { |
||
822 | __bound_check(dst, size); |
||
823 | __bound_check(src, size); |
||
824 | /* check also region overlap */ |
||
825 | if (src >= dst && src < dst + size) |
||
826 | bound_error("overlapping regions in memcpy()"); |
||
827 | return memcpy(dst, src, size); |
||
828 | } |
||
829 | |||
830 | void *__bound_memmove(void *dst, const void *src, size_t size) |
||
831 | { |
||
832 | __bound_check(dst, size); |
||
833 | __bound_check(src, size); |
||
834 | return memmove(dst, src, size); |
||
835 | } |
||
836 | |||
837 | void *__bound_memset(void *dst, int c, size_t size) |
||
838 | { |
||
839 | __bound_check(dst, size); |
||
840 | return memset(dst, c, size); |
||
841 | } |
||
842 | |||
843 | /* XXX: could be optimized */ |
||
844 | int __bound_strlen(const char *s) |
||
845 | { |
||
846 | const char *p; |
||
847 | int len; |
||
848 | |||
849 | len = 0; |
||
850 | for(;;) { |
||
851 | p = __bound_ptr_indir1((char *)s, len); |
||
852 | if (p == INVALID_POINTER) |
||
853 | bound_error("bad pointer in strlen()"); |
||
854 | if (*p == '\0') |
||
855 | break; |
||
856 | len++; |
||
857 | } |
||
858 | return len; |
||
859 | } |
||
860 | |||
861 | char *__bound_strcpy(char *dst, const char *src) |
||
862 | { |
||
863 | int len; |
||
864 | len = __bound_strlen(src); |
||
865 | return __bound_memcpy(dst, src, len + 1); |
||
866 | }>><>><>><>><>><>=>=>><>><>>>>>><>><>><>=>><>><>><>><> |
||
867 |