Commit fd462470 authored by vegorov@chromium.org's avatar vegorov@chromium.org

Add hinting to improve ASLR for macos (all allocations) and linux (newly added allocation types).

TEST=N/A
BUG=1749

Review URL: http://codereview.chromium.org/8115014
Patch from Cris Neckar <cdn@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9572 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 2d691d4c
...@@ -78,33 +78,6 @@ double ceiling(double x) { ...@@ -78,33 +78,6 @@ double ceiling(double x) {
static Mutex* limit_mutex = NULL; static Mutex* limit_mutex = NULL;
static void* GetRandomMmapAddr() {
Isolate* isolate = Isolate::UncheckedCurrent();
// Note that the current isolate isn't set up in a call path via
// CpuFeatures::Probe. We don't care about randomization in this case because
// the code page is immediately freed.
if (isolate != NULL) {
#ifdef V8_TARGET_ARCH_X64
uint64_t rnd1 = V8::RandomPrivate(isolate);
uint64_t rnd2 = V8::RandomPrivate(isolate);
uint64_t raw_addr = (rnd1 << 32) ^ rnd2;
// Currently available CPUs have 48 bits of virtual addressing. Truncate
// the hint address to 46 bits to give the kernel a fighting chance of
// fulfilling our placement request.
raw_addr &= V8_UINT64_C(0x3ffffffff000);
#else
uint32_t raw_addr = V8::RandomPrivate(isolate);
// The range 0x20000000 - 0x60000000 is relatively unpopulated across a
// variety of ASLR modes (PAE kernel, NX compat mode, etc).
raw_addr &= 0x3ffff000;
raw_addr += 0x20000000;
#endif
return reinterpret_cast<void*>(raw_addr);
}
return NULL;
}
void OS::Setup() { void OS::Setup() {
// Seed the random number generator. We preserve microsecond resolution. // Seed the random number generator. We preserve microsecond resolution.
uint64_t seed = Ticks() ^ (getpid() << 16); uint64_t seed = Ticks() ^ (getpid() << 16);
...@@ -386,7 +359,7 @@ void* OS::Allocate(const size_t requested, ...@@ -386,7 +359,7 @@ void* OS::Allocate(const size_t requested,
bool is_executable) { bool is_executable) {
const size_t msize = RoundUp(requested, AllocateAlignment()); const size_t msize = RoundUp(requested, AllocateAlignment());
int prot = PROT_READ | PROT_WRITE | (is_executable ? PROT_EXEC : 0); int prot = PROT_READ | PROT_WRITE | (is_executable ? PROT_EXEC : 0);
void* addr = GetRandomMmapAddr(); void* addr = OS::GetRandomMmapAddr();
void* mbase = mmap(addr, msize, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); void* mbase = mmap(addr, msize, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (mbase == MAP_FAILED) { if (mbase == MAP_FAILED) {
LOG(i::Isolate::Current(), LOG(i::Isolate::Current(),
...@@ -456,7 +429,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::open(const char* name) { ...@@ -456,7 +429,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::open(const char* name) {
int size = ftell(file); int size = ftell(file);
void* memory = void* memory =
mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(file), 0); mmap(OS::GetRandomMmapAddr(),
size,
PROT_READ | PROT_WRITE,
MAP_SHARED,
fileno(file),
0);
return new PosixMemoryMappedFile(file, memory, size); return new PosixMemoryMappedFile(file, memory, size);
} }
...@@ -471,7 +449,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::create(const char* name, int size, ...@@ -471,7 +449,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::create(const char* name, int size,
return NULL; return NULL;
} }
void* memory = void* memory =
mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(file), 0); mmap(OS::GetRandomMmapAddr(),
size,
PROT_READ | PROT_WRITE,
MAP_SHARED,
fileno(file),
0);
return new PosixMemoryMappedFile(file, memory, size); return new PosixMemoryMappedFile(file, memory, size);
} }
...@@ -556,8 +539,12 @@ void OS::SignalCodeMovingGC() { ...@@ -556,8 +539,12 @@ void OS::SignalCodeMovingGC() {
// kernel log. // kernel log.
int size = sysconf(_SC_PAGESIZE); int size = sysconf(_SC_PAGESIZE);
FILE* f = fopen(kGCFakeMmap, "w+"); FILE* f = fopen(kGCFakeMmap, "w+");
void* addr = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_PRIVATE, void* addr = mmap(OS::GetRandomMmapAddr(),
fileno(f), 0); size,
PROT_READ | PROT_EXEC,
MAP_PRIVATE,
fileno(f),
0);
ASSERT(addr != MAP_FAILED); ASSERT(addr != MAP_FAILED);
OS::Free(addr, size); OS::Free(addr, size);
fclose(f); fclose(f);
...@@ -614,7 +601,7 @@ VirtualMemory::VirtualMemory(size_t size, size_t alignment) ...@@ -614,7 +601,7 @@ VirtualMemory::VirtualMemory(size_t size, size_t alignment)
ASSERT(IsAligned(alignment, static_cast<intptr_t>(OS::AllocateAlignment()))); ASSERT(IsAligned(alignment, static_cast<intptr_t>(OS::AllocateAlignment())));
size_t request_size = RoundUp(size + alignment, size_t request_size = RoundUp(size + alignment,
static_cast<intptr_t>(OS::AllocateAlignment())); static_cast<intptr_t>(OS::AllocateAlignment()));
void* reservation = mmap(GetRandomMmapAddr(), void* reservation = mmap(OS::GetRandomMmapAddr(),
request_size, request_size,
PROT_NONE, PROT_NONE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE,
...@@ -680,7 +667,7 @@ bool VirtualMemory::Uncommit(void* address, size_t size) { ...@@ -680,7 +667,7 @@ bool VirtualMemory::Uncommit(void* address, size_t size) {
void* VirtualMemory::ReserveRegion(size_t size) { void* VirtualMemory::ReserveRegion(size_t size) {
void* result = mmap(GetRandomMmapAddr(), void* result = mmap(OS::GetRandomMmapAddr(),
size, size,
PROT_NONE, PROT_NONE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE,
......
...@@ -94,12 +94,8 @@ static Mutex* limit_mutex = NULL; ...@@ -94,12 +94,8 @@ static Mutex* limit_mutex = NULL;
void OS::Setup() { void OS::Setup() {
// Seed the random number generator. // Seed the random number generator. We preserve microsecond resolution.
// Convert the current time to a 64-bit integer first, before converting it uint64_t seed = Ticks() ^ (getpid() << 16);
// to an unsigned. Going directly will cause an overflow and the seed to be
// set to all ones. The seed will be identical for different instances that
// call this setup code within the same millisecond.
uint64_t seed = static_cast<uint64_t>(TimeCurrentMillis());
srandom(static_cast<unsigned int>(seed)); srandom(static_cast<unsigned int>(seed));
limit_mutex = CreateMutex(); limit_mutex = CreateMutex();
} }
...@@ -148,9 +144,12 @@ void* OS::Allocate(const size_t requested, ...@@ -148,9 +144,12 @@ void* OS::Allocate(const size_t requested,
bool is_executable) { bool is_executable) {
const size_t msize = RoundUp(requested, getpagesize()); const size_t msize = RoundUp(requested, getpagesize());
int prot = PROT_READ | PROT_WRITE | (is_executable ? PROT_EXEC : 0); int prot = PROT_READ | PROT_WRITE | (is_executable ? PROT_EXEC : 0);
void* mbase = mmap(NULL, msize, prot, void* mbase = mmap(OS::GetRandomMmapAddr(),
msize,
prot,
MAP_PRIVATE | MAP_ANON, MAP_PRIVATE | MAP_ANON,
kMmapFd, kMmapFdOffset); kMmapFd,
kMmapFdOffset);
if (mbase == MAP_FAILED) { if (mbase == MAP_FAILED) {
LOG(Isolate::Current(), StringEvent("OS::Allocate", "mmap failed")); LOG(Isolate::Current(), StringEvent("OS::Allocate", "mmap failed"));
return NULL; return NULL;
...@@ -207,7 +206,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::open(const char* name) { ...@@ -207,7 +206,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::open(const char* name) {
int size = ftell(file); int size = ftell(file);
void* memory = void* memory =
mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(file), 0); mmap(OS::GetRandomMmapAddr(),
size,
PROT_READ | PROT_WRITE,
MAP_SHARED,
fileno(file),
0);
return new PosixMemoryMappedFile(file, memory, size); return new PosixMemoryMappedFile(file, memory, size);
} }
...@@ -222,7 +226,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::create(const char* name, int size, ...@@ -222,7 +226,12 @@ OS::MemoryMappedFile* OS::MemoryMappedFile::create(const char* name, int size,
return NULL; return NULL;
} }
void* memory = void* memory =
mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(file), 0); mmap(OS::GetRandomMmapAddr(),
size,
PROT_READ | PROT_WRITE,
MAP_SHARED,
fileno(file),
0);
return new PosixMemoryMappedFile(file, memory, size); return new PosixMemoryMappedFile(file, memory, size);
} }
...@@ -346,7 +355,7 @@ VirtualMemory::VirtualMemory(size_t size, size_t alignment) ...@@ -346,7 +355,7 @@ VirtualMemory::VirtualMemory(size_t size, size_t alignment)
ASSERT(IsAligned(alignment, static_cast<intptr_t>(OS::AllocateAlignment()))); ASSERT(IsAligned(alignment, static_cast<intptr_t>(OS::AllocateAlignment())));
size_t request_size = RoundUp(size + alignment, size_t request_size = RoundUp(size + alignment,
static_cast<intptr_t>(OS::AllocateAlignment())); static_cast<intptr_t>(OS::AllocateAlignment()));
void* reservation = mmap(NULL, void* reservation = mmap(OS::GetRandomMmapAddr(),
request_size, request_size,
PROT_NONE, PROT_NONE,
MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
...@@ -397,7 +406,7 @@ void VirtualMemory::Reset() { ...@@ -397,7 +406,7 @@ void VirtualMemory::Reset() {
void* VirtualMemory::ReserveRegion(size_t size) { void* VirtualMemory::ReserveRegion(size_t size) {
void* result = mmap(NULL, void* result = mmap(OS::GetRandomMmapAddr(),
size, size,
PROT_NONE, PROT_NONE,
MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
......
...@@ -84,6 +84,34 @@ void OS::Guard(void* address, const size_t size) { ...@@ -84,6 +84,34 @@ void OS::Guard(void* address, const size_t size) {
#endif // __CYGWIN__ #endif // __CYGWIN__
void* OS::GetRandomMmapAddr() {
Isolate* isolate = Isolate::UncheckedCurrent();
// Note that the current isolate isn't set up in a call path via
// CpuFeatures::Probe. We don't care about randomization in this case because
// the code page is immediately freed.
if (isolate != NULL) {
#ifdef V8_TARGET_ARCH_X64
uint64_t rnd1 = V8::RandomPrivate(isolate);
uint64_t rnd2 = V8::RandomPrivate(isolate);
uint64_t raw_addr = (rnd1 << 32) ^ rnd2;
// Currently available CPUs have 48 bits of virtual addressing. Truncate
// the hint address to 46 bits to give the kernel a fighting chance of
// fulfilling our placement request.
raw_addr &= V8_UINT64_C(0x3ffffffff000);
#else
uint32_t raw_addr = V8::RandomPrivate(isolate);
// The range 0x20000000 - 0x60000000 is relatively unpopulated across a
// variety of ASLR modes (PAE kernel, NX compat mode, etc) and on macos
// 10.6 and 10.7.
raw_addr &= 0x3ffff000;
raw_addr += 0x20000000;
#endif
return reinterpret_cast<void*>(raw_addr);
}
return NULL;
}
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// Math functions // Math functions
......
...@@ -178,6 +178,9 @@ class OS { ...@@ -178,6 +178,9 @@ class OS {
// Assign memory as a guard page so that access will cause an exception. // Assign memory as a guard page so that access will cause an exception.
static void Guard(void* address, const size_t size); static void Guard(void* address, const size_t size);
// Generate a random address to be used for hinting mmap().
static void* GetRandomMmapAddr();
// Get the Alignment guaranteed by Allocate(). // Get the Alignment guaranteed by Allocate().
static size_t AllocateAlignment(); static size_t AllocateAlignment();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment