
source: vbox/trunk/src/VBox/Runtime/generic/memsafer-generic.cpp@ 56052

Last change on this file since 56052 was 52050, checked in by vboxsync, 10 years ago

RTMemSafer: Split generic from ring-3 specific page based implementation. Adjusted the ring-3 implementation to use RTMemPage when SUPR3PageAllocEx isn't available, and to separate the real data from the heap metadata to make finding the data just a little bit more difficult.

1/* $Id: memsafer-generic.cpp 52050 2014-07-16 13:53:24Z vboxsync $ */
2/** @file
3 * IPRT - Memory Allocate for Sensitive Data, generic heap-based implementation.
4 */
5
6/*
7 * Copyright (C) 2006-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*******************************************************************************
29* Header Files *
30*******************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/memsafer.h>
33
34#include <iprt/assert.h>
35#include <iprt/string.h>
36
37
38/*******************************************************************************
39* Defined Constants And Macros *
40*******************************************************************************/
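/** Allocation size alignment (bytes); every requested size is rounded up to a
 *  multiple of this before the heap block is sized. */
#define RTMEMSAFER_ALIGN 16
/** Padding before the block to avoid small underruns.  In strict builds the
 *  requested size is stored at the start of this zone for later checks. */
#define RTMEMSAFER_PAD_BEFORE 96
/** Padding after the block to avoid small overruns. */
#define RTMEMSAFER_PAD_AFTER 32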
47
48
49/*******************************************************************************
50* Global Variables *
51*******************************************************************************/
/** XOR scrambler value.
 * A fixed build-time constant that RTMemSaferScramble / RTMemSaferUnscramble
 * XOR over the user block.  Because it is the same for every allocation it
 * only obscures the data, it does not protect it.
 * @todo determine this at runtime */
#if ARCH_BITS == 32
static uintptr_t g_uScramblerXor = UINT32_C(0x867af88d);
#elif ARCH_BITS == 64
static uintptr_t g_uScramblerXor = UINT64_C(0xed95ecc99416d312);
#else
# error "Bad ARCH_BITS value"
#endif
61
62
63
/**
 * Scrambles a block allocated by RTMemSaferAllocZExTag by XORing it, one
 * uintptr_t at a time, with the fixed scrambler constant.
 *
 * The whole aligned block (cb rounded up to RTMEMSAFER_ALIGN) is covered; the
 * slack between cb and the aligned size belongs to the same heap block.
 *
 * @returns VINF_SUCCESS.
 * @param   pv      Pointer returned by RTMemSaferAllocZExTag (and friends).
 * @param   cb      Size passed when the block was allocated.
 */
RTDECL(int) RTMemSaferScramble(void *pv, size_t cb)
{
    AssertMsg(*(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE) == cb,
              ("*pvStart=%#zx cb=%#zx\n", *(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE), cb));

    /* Note! This isn't supposed to be safe, just less obvious. */
    size_t const cbAligned = RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN);
    uintptr_t   *puCur     = (uintptr_t *)pv;
    uintptr_t   *puEnd     = (uintptr_t *)((char *)pv + cbAligned);
    /* RTMEMSAFER_ALIGN is a multiple of sizeof(uintptr_t), so puEnd is reached exactly. */
    for (; puCur != puEnd; puCur++)
        *puCur ^= g_uScramblerXor;

    return VINF_SUCCESS;
}
RT_EXPORT_SYMBOL(RTMemSaferScramble);
83
84
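/**
 * Reverses RTMemSaferScramble.
 *
 * Scrambling is a plain XOR with a fixed key and therefore its own inverse,
 * so unscrambling is the very same operation.  Delegating keeps the two
 * functions in sync instead of maintaining two copies of the same loop (the
 * original bodies differed only in whitespace).
 *
 * @returns VINF_SUCCESS.
 * @param   pv      Pointer returned by RTMemSaferAllocZExTag (and friends).
 * @param   cb      Size passed when the block was allocated.
 */
RTDECL(int) RTMemSaferUnscramble(void *pv, size_t cb)
{
    /* XOR is an involution: applying the scrambler again restores the data. */
    return RTMemSaferScramble(pv, cb);
}
RT_EXPORT_SYMBOL(RTMemSaferUnscramble);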
103
104
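/**
 * Allocates a zeroed block of memory for sensitive data.
 *
 * The user block sits between two padding zones so that small under- and
 * overruns do not immediately reach the heap metadata.  In strict builds the
 * padding is filled with recognisable patterns and the requested size is
 * stored at the start of the block for the consistency checks in the other
 * RTMemSafer functions.
 *
 * @returns IPRT status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_NO_MEMORY if the heap allocation failed, or if @a cb is so
 *          large that aligning and padding it would wrap size_t.
 * @retval  VERR_INVALID_PARAMETER if @a ppvNew is NULL or @a cb is zero.
 * @retval  VERR_INVALID_FLAGS for flags outside RTMEMSAFER_F_VALID_MASK.
 * @retval  VWRN_UNABLE_TO_SATISFY_REQUIREMENTS for valid non-zero flags: this
 *          generic implementation honours none of them and returns no block
 *          (*ppvNew stays NULL).
 * @param   ppvNew      Where to return the pointer to the user block.
 * @param   cb          Number of bytes requested.
 * @param   fFlags      RTMEMSAFER_F_XXX.
 * @param   pszTag      Allocation tag (not used by this implementation).
 */
RTDECL(int) RTMemSaferAllocZExTag(void **ppvNew, size_t cb, uint32_t fFlags, const char *pszTag) RT_NO_THROW
{
    AssertPtrReturn(ppvNew, VERR_INVALID_PARAMETER);
    *ppvNew = NULL;
    AssertReturn(cb, VERR_INVALID_PARAMETER);

    /*
     * We support none of the hard requirements passed thru flags.
     */
    if (fFlags == 0)
    {
        /*
         * Refuse sizes that would wrap when aligned and padded: a wrapped
         * cbUser would give a tiny heap block followed by the memset and
         * RT_BZERO below writing the original (huge) cb past its end.
         */
        if (cb > ~(size_t)0 - (RTMEMSAFER_ALIGN + RTMEMSAFER_PAD_BEFORE + RTMEMSAFER_PAD_AFTER))
            return VERR_NO_MEMORY;

        /*
         * Don't request zeroed memory. We want random heap garbage in the
         * padding zones, nothing that makes our allocations easier to find.
         */
        size_t cbUser = RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN);
        void *pvNew = RTMemAlloc(cbUser + RTMEMSAFER_PAD_BEFORE + RTMEMSAFER_PAD_AFTER);
        if (pvNew)
        {
#ifdef RT_STRICT /* For checking input in strict builds. */
            /* Mark the padding (and the alignment slack after cb) and record the size. */
            memset(pvNew, 0xad, RTMEMSAFER_PAD_BEFORE);
            memset((char *)pvNew + RTMEMSAFER_PAD_BEFORE + cb, 0xda, RTMEMSAFER_PAD_AFTER + (cbUser - cb));
            *(size_t *)pvNew = cb;
#endif

            void *pvUser = (char *)pvNew + RTMEMSAFER_PAD_BEFORE;
            *ppvNew = pvUser;

            /* You don't use this API for performance, so we always clean memory. */
            RT_BZERO(pvUser, cb);

            return VINF_SUCCESS;
        }
        return VERR_NO_MEMORY;
    }
    AssertReturn(!(fFlags & ~RTMEMSAFER_F_VALID_MASK), VERR_INVALID_FLAGS);
    return VWRN_UNABLE_TO_SATISFY_REQUIREMENTS;
}
RT_EXPORT_SYMBOL(RTMemSaferAllocZExTag);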
144
145
/**
 * Wipes and frees a block allocated by RTMemSaferAllocZExTag (and friends).
 *
 * The user data (rounded up to RTMEMSAFER_ALIGN) is overwritten with three
 * RTMemWipeThoroughly passes before the underlying heap block is released.
 * NULL is accepted and is a no-op, in which case @a cb is expected to be 0.
 *
 * @param   pv      Pointer returned by the allocator, or NULL.
 * @param   cb      Size passed when the block was allocated.
 */
RTDECL(void) RTMemSaferFree(void *pv, size_t cb) RT_NO_THROW
{
    if (!pv)
    {
        Assert(cb == 0);
        return;
    }

    Assert(cb);
    char *pbStart = (char *)pv - RTMEMSAFER_PAD_BEFORE;
    AssertMsg(*(size_t *)pbStart == cb, ("*pvStart=%#zx cb=%#zx\n", *(size_t *)pbStart, cb));
    RTMemWipeThoroughly(pv, RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN), 3);
    RTMemFree(pbStart);
}
RT_EXPORT_SYMBOL(RTMemSaferFree);
160
161
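/**
 * Reallocates a block of memory for sensitive data.
 *
 * Implemented as allocate-new / copy / wipe-and-free-old, never as a heap
 * realloc, so that the old contents are always wiped by us.
 *
 * @returns IPRT status code (see RTMemSaferAllocZExTag for the status codes
 *          of the allocation path).
 * @param   cbOld       Size of the old block, 0 for a first allocation.
 * @param   pvOld       The old block, NULL when @a cbOld is 0.
 * @param   cbNew       The new size, 0 to just free @a pvOld.
 * @param   ppvNew      Where to return the new block; NULL when no block was
 *                      handed out (free operation, failure, or a warning
 *                      status without a block).
 * @param   fFlags      RTMEMSAFER_F_XXX.
 * @param   pszTag      Allocation tag.
 */
RTDECL(int) RTMemSaferReallocZExTag(size_t cbOld, void *pvOld, size_t cbNew, void **ppvNew, uint32_t fFlags, const char *pszTag) RT_NO_THROW
{
    /*
     * We cannot let the heap move us around because we will be failing in our
     * duty to clean things up. So, allocate a new block, copy over the old
     * content, and free the old one.
     */
    AssertPtrReturn(ppvNew, VERR_INVALID_PARAMETER);
    int rc;
    /* Real realloc. */
    if (cbNew && cbOld)
    {
        AssertPtr(pvOld);
        AssertMsg(*(size_t *)((char *)pvOld - RTMEMSAFER_PAD_BEFORE) == cbOld,
                  ("*pvStart=%#zx cbOld=%#zx\n", *(size_t *)((char *)pvOld - RTMEMSAFER_PAD_BEFORE), cbOld));

        /*
         * We support none of the hard requirements passed thru flags.
         */
        void *pvNew = NULL;
        rc = RTMemSaferAllocZExTag(&pvNew, cbNew, fFlags, pszTag);
        if (RT_SUCCESS(rc))
        {
            /*
             * RTMemSaferAllocZExTag returns the informational status
             * VWRN_UNABLE_TO_SATISFY_REQUIREMENTS without a block for non-zero
             * flags; RT_SUCCESS() is true for that, so the copy and the free
             * must be guarded by an actual block or memcpy would hit NULL.
             * Without a block the old one is left intact and *ppvNew is NULL.
             */
            if (pvNew)
            {
                memcpy(pvNew, pvOld, RT_MIN(cbNew, cbOld));
                RTMemSaferFree(pvOld, cbOld);
            }
            *ppvNew = pvNew;
        }
    }
    /* First allocation. */
    else if (!cbOld)
    {
        Assert(pvOld == NULL);
        rc = RTMemSaferAllocZExTag(ppvNew, cbNew, fFlags, pszTag);
    }
    /* Free operation. */
    else
    {
        RTMemSaferFree(pvOld, cbOld);
        /* Nothing handed out; don't leave a stale pointer behind for the caller. */
        *ppvNew = NULL;
        rc = VINF_SUCCESS;
    }
    return rc;
}
RT_EXPORT_SYMBOL(RTMemSaferReallocZExTag);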
204
205
/**
 * Pointer-returning convenience wrapper around RTMemSaferAllocZExTag with no
 * flags; the status code is folded into the return value.
 *
 * @returns The new block on success, NULL on any failure.
 * @param   cb      Number of bytes requested.
 * @param   pszTag  Allocation tag.
 */
RTDECL(void *) RTMemSaferAllocZTag(size_t cb, const char *pszTag) RT_NO_THROW
{
    void *pvBlock = NULL;
    int const rcAlloc = RTMemSaferAllocZExTag(&pvBlock, cb, 0 /*fFlags*/, pszTag);
    return RT_SUCCESS(rcAlloc) ? pvBlock : NULL;
}
RT_EXPORT_SYMBOL(RTMemSaferAllocZTag);
215
216
/**
 * Pointer-returning convenience wrapper around RTMemSaferReallocZExTag with no
 * flags; the status code is folded into the return value.
 *
 * @returns The new block on success, NULL on failure (and when @a cbNew is 0,
 *          since no block is handed out then).
 * @param   cbOld   Size of the old block, 0 for a first allocation.
 * @param   pvOld   The old block, NULL when @a cbOld is 0.
 * @param   cbNew   The new size, 0 to just free @a pvOld.
 * @param   pszTag  Allocation tag.
 */
RTDECL(void *) RTMemSaferReallocZTag(size_t cbOld, void *pvOld, size_t cbNew, const char *pszTag) RT_NO_THROW
{
    void *pvBlock = NULL;
    int const rcRealloc = RTMemSaferReallocZExTag(cbOld, pvOld, cbNew, &pvBlock, 0 /*fFlags*/, pszTag);
    return RT_SUCCESS(rcRealloc) ? pvBlock : NULL;
}
RT_EXPORT_SYMBOL(RTMemSaferReallocZTag);
226