/src/botan/src/lib/utils/os_utils.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * OS and machine specific utility functions |
3 | | * (C) 2015,2016,2017,2018 Jack Lloyd |
4 | | * (C) 2016 Daniel Neus |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/os_utils.h> |
10 | | #include <botan/internal/cpuid.h> |
11 | | #include <botan/exceptn.h> |
12 | | #include <botan/mem_ops.h> |
13 | | |
14 | | #include <algorithm> |
15 | | #include <chrono> |
16 | | #include <cstdlib> |
17 | | |
18 | | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
19 | | #include <thread> |
20 | | #endif |
21 | | |
22 | | #if defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
23 | | #include <string.h> |
24 | | #endif |
25 | | |
26 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
27 | | #include <sys/types.h> |
28 | | #include <sys/resource.h> |
29 | | #include <sys/mman.h> |
30 | | #include <signal.h> |
31 | | #include <stdlib.h> |
32 | | #include <setjmp.h> |
33 | | #include <unistd.h> |
34 | | #include <errno.h> |
35 | | #include <termios.h> |
36 | | #undef B0 |
37 | | #endif |
38 | | |
39 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
40 | | #include <emscripten/emscripten.h> |
41 | | #endif |
42 | | |
43 | | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) || defined(BOTAN_TARGET_OS_IS_ANDROID) || \ |
44 | | defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
45 | | #include <sys/auxv.h> |
46 | | #endif |
47 | | |
48 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
49 | | #define NOMINMAX 1 |
50 | | #define _WINSOCKAPI_ // stop windows.h including winsock.h |
51 | | #include <windows.h> |
52 | | #endif |
53 | | |
54 | | #if defined(BOTAN_TARGET_OS_IS_ANDROID) |
55 | | #include <elf.h> |
56 | | extern "C" char **environ; |
57 | | #endif |
58 | | |
59 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
60 | | #include <sys/types.h> |
61 | | #include <sys/sysctl.h> |
62 | | #include <mach/vm_statistics.h> |
63 | | #endif |
64 | | |
65 | | namespace Botan { |
66 | | |
67 | | // Not defined in OS namespace for historical reasons |
68 | | void secure_scrub_memory(void* ptr, size_t n) |
69 | 84.0M | { |
70 | | #if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) |
71 | | ::RtlSecureZeroMemory(ptr, n); |
72 | | |
73 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
74 | | ::explicit_bzero(ptr, n); |
75 | | |
76 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) |
77 | | (void)::explicit_memset(ptr, 0, n); |
78 | | |
79 | | #elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1) |
80 | | /* |
81 | | Call memset through a static volatile pointer, which the compiler |
82 | | should not elide. This construct should be safe in conforming |
83 | | compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and |
84 | | Clang 3.8 both create code that saves the memset address in the |
85 | | data segment and unconditionally loads and jumps to that address. |
86 | | */ |
87 | 84.0M | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; |
88 | 84.0M | (memset_ptr)(ptr, 0, n); |
89 | | #else |
90 | | |
91 | | volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr); |
92 | | |
93 | | for(size_t i = 0; i != n; ++i) |
94 | | p[i] = 0; |
95 | | #endif |
96 | 84.0M | } |
97 | | |
98 | | uint32_t OS::get_process_id() |
99 | 473k | { |
100 | 473k | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
101 | 473k | return ::getpid(); |
102 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
103 | | return ::GetCurrentProcessId(); |
104 | | #elif defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) |
105 | | return 0; // truly no meaningful value |
106 | | #else |
107 | | #error "Missing get_process_id" |
108 | | #endif |
109 | 473k | } |
110 | | |
111 | | size_t OS::get_cache_line_size() |
112 | 0 | { |
113 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
114 | | unsigned long cache_line_size_vl; |
115 | | size_t size = sizeof(cache_line_size_vl); |
116 | | if(::sysctlbyname("hw.cachelinesize", &cache_line_size_vl, &size, nullptr, 0) == 0) |
117 | | return static_cast<size_t>(cache_line_size_vl); |
118 | | #endif |
119 | |
|
120 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_LEVEL1_DCACHE_LINESIZE) |
121 | 0 | const long res = ::sysconf(_SC_LEVEL1_DCACHE_LINESIZE); |
122 | 0 | if(res > 0) |
123 | 0 | return static_cast<size_t>(res); |
124 | 0 | #endif |
125 | | |
126 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
127 | | |
128 | | #if defined(AT_L1D_CACHEGEOMETRY) |
129 | | // Cache line size is bottom 16 bits |
130 | | const unsigned long dcache_info = OS::get_auxval(AT_L1D_CACHEGEOMETRY); |
131 | | if(dcache_info != 0) |
132 | | return static_cast<size_t>(dcache_info & 0xFFFF); |
133 | | #endif |
134 | | |
135 | 0 | #if defined(AT_DCACHEBSIZE) |
136 | 0 | const unsigned long dcache_bsize = OS::get_auxval(AT_DCACHEBSIZE); |
137 | 0 | if(dcache_bsize != 0) |
138 | 0 | return static_cast<size_t>(dcache_bsize); |
139 | 0 | #endif |
140 | | |
141 | 0 | #endif |
142 | | |
143 | | // TODO: on Windows this is returned by GetLogicalProcessorInformation |
144 | | |
145 | | // not available on this platform |
146 | 0 | return 0; |
147 | 0 | } |
148 | | |
149 | | unsigned long OS::get_auxval(unsigned long id) |
150 | 0 | { |
151 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
152 | 0 | return ::getauxval(id); |
153 | | #elif defined(BOTAN_TARGET_OS_IS_ANDROID) && defined(BOTAN_TARGET_ARCH_IS_ARM32) |
154 | | |
155 | | if(id == 0) |
156 | | return 0; |
157 | | |
158 | | char **p = environ; |
159 | | |
160 | | while(*p++ != nullptr) |
161 | | ; |
162 | | |
163 | | Elf32_auxv_t *e = reinterpret_cast<Elf32_auxv_t*>(p); |
164 | | |
165 | | while(e != nullptr) |
166 | | { |
167 | | if(e->a_type == id) |
168 | | return e->a_un.a_val; |
169 | | e++; |
170 | | } |
171 | | |
172 | | return 0; |
173 | | #elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
174 | | unsigned long auxinfo = 0; |
175 | | ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo)); |
176 | | return auxinfo; |
177 | | #else |
178 | | BOTAN_UNUSED(id); |
179 | | return 0; |
180 | | #endif |
181 | 0 | } |
182 | | |
183 | | bool OS::running_in_privileged_state() |
184 | 0 | { |
185 | 0 | #if defined(AT_SECURE) |
186 | 0 | return OS::get_auxval(AT_SECURE) != 0; |
187 | | #elif defined(BOTAN_TARGET_OS_HAS_POSIX1) |
188 | | return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); |
189 | | #else |
190 | | return false; |
191 | | #endif |
192 | 0 | } |
193 | | |
194 | | uint64_t OS::get_cpu_cycle_counter() |
195 | 0 | { |
196 | 0 | uint64_t rtc = 0; |
197 | |
|
198 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
199 | | LARGE_INTEGER tv; |
200 | | ::QueryPerformanceCounter(&tv); |
201 | | rtc = tv.QuadPart; |
202 | | |
203 | | #elif defined(BOTAN_USE_GCC_INLINE_ASM) |
204 | |
|
205 | 0 | #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) |
206 | |
|
207 | 0 | if(CPUID::has_rdtsc()) |
208 | 0 | { |
209 | 0 | uint32_t rtc_low = 0, rtc_high = 0; |
210 | 0 | asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); |
211 | 0 | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
212 | 0 | } |
213 | |
|
214 | | #elif defined(BOTAN_TARGET_ARCH_IS_PPC64) |
215 | | |
216 | | for(;;) |
217 | | { |
218 | | uint32_t rtc_low = 0, rtc_high = 0, rtc_high2 = 0; |
219 | | asm volatile("mftbu %0" : "=r" (rtc_high)); |
220 | | asm volatile("mftb %0" : "=r" (rtc_low)); |
221 | | asm volatile("mftbu %0" : "=r" (rtc_high2)); |
222 | | |
223 | | if(rtc_high == rtc_high2) |
224 | | { |
225 | | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
226 | | break; |
227 | | } |
228 | | } |
229 | | |
230 | | #elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) |
231 | | asm volatile("rpcc %0" : "=r" (rtc)); |
232 | | |
233 | | // OpenBSD does not trap access to the %tick register |
234 | | #elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD) |
235 | | asm volatile("rd %%tick, %0" : "=r" (rtc)); |
236 | | |
237 | | #elif defined(BOTAN_TARGET_ARCH_IS_IA64) |
238 | | asm volatile("mov %0=ar.itc" : "=r" (rtc)); |
239 | | |
240 | | #elif defined(BOTAN_TARGET_ARCH_IS_S390X) |
241 | | asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc"); |
242 | | |
243 | | #elif defined(BOTAN_TARGET_ARCH_IS_HPPA) |
244 | | asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only? |
245 | | |
246 | | #else |
247 | | //#warning "OS::get_cpu_cycle_counter not implemented" |
248 | | #endif |
249 | |
|
250 | 0 | #endif |
251 | |
|
252 | 0 | return rtc; |
253 | 0 | } |
254 | | |
255 | | size_t OS::get_cpu_total() |
256 | 0 | { |
257 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_CONF) |
258 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_CONF); |
259 | 0 | if(res > 0) |
260 | 0 | return static_cast<size_t>(res); |
261 | 0 | #endif |
262 | | |
263 | 0 | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
264 | 0 | return static_cast<size_t>(std::thread::hardware_concurrency()); |
265 | | #else |
266 | | return 1; |
267 | | #endif |
268 | 0 | } |
269 | | |
270 | | size_t OS::get_cpu_available() |
271 | 0 | { |
272 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_ONLN) |
273 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_ONLN); |
274 | 0 | if(res > 0) |
275 | 0 | return static_cast<size_t>(res); |
276 | 0 | #endif |
277 | | |
278 | 0 | return OS::get_cpu_total(); |
279 | 0 | } |
280 | | |
281 | | uint64_t OS::get_high_resolution_clock() |
282 | 0 | { |
283 | 0 | if(uint64_t cpu_clock = OS::get_cpu_cycle_counter()) |
284 | 0 | return cpu_clock; |
285 | | |
286 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
287 | | return emscripten_get_now(); |
288 | | #endif |
289 | | |
290 | | /* |
291 | | If we got here either we either don't have an asm instruction |
292 | | above, or (for x86) RDTSC is not available at runtime. Try some |
293 | | clock_gettimes and return the first one that works, or otherwise |
294 | | fall back to std::chrono. |
295 | | */ |
296 | | |
297 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
298 | | |
299 | | // The ordering here is somewhat arbitrary... |
300 | 0 | const clockid_t clock_types[] = { |
301 | | #if defined(CLOCK_MONOTONIC_HR) |
302 | | CLOCK_MONOTONIC_HR, |
303 | | #endif |
304 | 0 | #if defined(CLOCK_MONOTONIC_RAW) |
305 | 0 | CLOCK_MONOTONIC_RAW, |
306 | 0 | #endif |
307 | 0 | #if defined(CLOCK_MONOTONIC) |
308 | 0 | CLOCK_MONOTONIC, |
309 | 0 | #endif |
310 | 0 | #if defined(CLOCK_PROCESS_CPUTIME_ID) |
311 | 0 | CLOCK_PROCESS_CPUTIME_ID, |
312 | 0 | #endif |
313 | 0 | #if defined(CLOCK_THREAD_CPUTIME_ID) |
314 | 0 | CLOCK_THREAD_CPUTIME_ID, |
315 | 0 | #endif |
316 | 0 | }; |
317 | |
|
318 | 0 | for(clockid_t clock : clock_types) |
319 | 0 | { |
320 | 0 | struct timespec ts; |
321 | 0 | if(::clock_gettime(clock, &ts) == 0) |
322 | 0 | { |
323 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
324 | 0 | } |
325 | 0 | } |
326 | 0 | #endif |
327 | | |
328 | | // Plain C++11 fallback |
329 | 0 | auto now = std::chrono::high_resolution_clock::now().time_since_epoch(); |
330 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
331 | 0 | } |
332 | | |
333 | | uint64_t OS::get_system_timestamp_ns() |
334 | 0 | { |
335 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
336 | 0 | struct timespec ts; |
337 | 0 | if(::clock_gettime(CLOCK_REALTIME, &ts) == 0) |
338 | 0 | { |
339 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
340 | 0 | } |
341 | 0 | #endif |
342 | | |
343 | 0 | auto now = std::chrono::system_clock::now().time_since_epoch(); |
344 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
345 | 0 | } |
346 | | |
347 | | size_t OS::system_page_size() |
348 | 0 | { |
349 | 0 | const size_t default_page_size = 4096; |
350 | |
|
351 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
352 | 0 | long p = ::sysconf(_SC_PAGESIZE); |
353 | 0 | if(p > 1) |
354 | 0 | return static_cast<size_t>(p); |
355 | 0 | else |
356 | 0 | return default_page_size; |
357 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
358 | | BOTAN_UNUSED(default_page_size); |
359 | | SYSTEM_INFO sys_info; |
360 | | ::GetSystemInfo(&sys_info); |
361 | | return sys_info.dwPageSize; |
362 | | #else |
363 | | return default_page_size; |
364 | | #endif |
365 | 0 | } |
366 | | |
367 | | size_t OS::get_memory_locking_limit() |
368 | 0 | { |
369 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) && defined(RLIMIT_MEMLOCK) |
370 | | /* |
371 | | * If RLIMIT_MEMLOCK is not defined, likely the OS does not support |
372 | | * unprivileged mlock calls. |
373 | | * |
374 | | * Linux defaults to only 64 KiB of mlockable memory per process |
375 | | * (too small) but BSDs offer a small fraction of total RAM (more |
376 | | * than we need). Bound the total mlock size to 512 KiB which is |
377 | | * enough to run the entire test suite without spilling to non-mlock |
378 | | * memory (and thus presumably also enough for many useful |
379 | | * programs), but small enough that we should not cause problems |
380 | | * even if many processes are mlocking on the same machine. |
381 | | */ |
382 | 0 | const size_t user_req = read_env_variable_sz("BOTAN_MLOCK_POOL_SIZE", BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
383 | |
|
384 | 0 | const size_t mlock_requested = std::min<size_t>(user_req, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
385 | |
|
386 | 0 | if(mlock_requested > 0) |
387 | 0 | { |
388 | 0 | struct ::rlimit limits; |
389 | |
|
390 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
391 | |
|
392 | 0 | if(limits.rlim_cur < limits.rlim_max) |
393 | 0 | { |
394 | 0 | limits.rlim_cur = limits.rlim_max; |
395 | 0 | ::setrlimit(RLIMIT_MEMLOCK, &limits); |
396 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
397 | 0 | } |
398 | |
|
399 | 0 | return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); |
400 | 0 | } |
401 | | |
402 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
403 | | SIZE_T working_min = 0, working_max = 0; |
404 | | if(!::GetProcessWorkingSetSize(::GetCurrentProcess(), &working_min, &working_max)) |
405 | | { |
406 | | return 0; |
407 | | } |
408 | | |
409 | | // According to Microsoft MSDN: |
410 | | // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead |
411 | | // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages |
412 | | // But the information in the book seems to be inaccurate/outdated |
413 | | // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 |
414 | | // On all three OS the value is 11 instead of 8 |
415 | | const size_t overhead = OS::system_page_size() * 11; |
416 | | if(working_min > overhead) |
417 | | { |
418 | | const size_t lockable_bytes = working_min - overhead; |
419 | | return std::min<size_t>(lockable_bytes, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024); |
420 | | } |
421 | | #endif |
422 | | |
423 | | // Not supported on this platform |
424 | 0 | return 0; |
425 | 0 | } |
426 | | |
427 | | bool OS::read_env_variable(std::string& value_out, const std::string& name) |
428 | 0 | { |
429 | 0 | value_out = ""; |
430 | |
|
431 | 0 | if(running_in_privileged_state()) |
432 | 0 | return false; |
433 | | |
434 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
435 | | char val[128] = { 0 }; |
436 | | size_t req_size = 0; |
437 | | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) |
438 | | { |
439 | | value_out = std::string(val, req_size); |
440 | | return true; |
441 | | } |
442 | | #else |
443 | 0 | if(const char* val = std::getenv(name.c_str())) |
444 | 0 | { |
445 | 0 | value_out = val; |
446 | 0 | return true; |
447 | 0 | } |
448 | 0 | #endif |
449 | | |
450 | 0 | return false; |
451 | 0 | } |
452 | | |
453 | | size_t OS::read_env_variable_sz(const std::string& name, size_t def) |
454 | 0 | { |
455 | 0 | std::string value; |
456 | 0 | if(read_env_variable(value, name)) |
457 | 0 | { |
458 | 0 | try |
459 | 0 | { |
460 | 0 | const size_t val = std::stoul(value, nullptr); |
461 | 0 | return val; |
462 | 0 | } |
463 | 0 | catch(std::exception&) { /* ignore it */ } |
464 | 0 | } |
465 | |
|
466 | 0 | return def; |
467 | 0 | } |
468 | | |
469 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
470 | | |
471 | | namespace { |
472 | | |
473 | | int get_locked_fd() |
474 | 0 | { |
475 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
476 | | // On Darwin, tagging anonymous pages allows vmmap to track these. |
477 | | // Allowed from 240 to 255 for userland applications |
478 | | static constexpr int default_locked_fd = 255; |
479 | | int locked_fd = default_locked_fd; |
480 | | |
481 | | if(size_t locked_fdl = OS::read_env_variable_sz("BOTAN_LOCKED_FD", default_locked_fd)) |
482 | | { |
483 | | if(locked_fdl < 240 || locked_fdl > 255) |
484 | | { |
485 | | locked_fdl = default_locked_fd; |
486 | | } |
487 | | locked_fd = static_cast<int>(locked_fdl); |
488 | | } |
489 | | return VM_MAKE_TAG(locked_fd); |
490 | | #else |
491 | 0 | return -1; |
492 | 0 | #endif |
493 | 0 | } |
494 | | |
495 | | } |
496 | | |
497 | | #endif |
498 | | |
499 | | std::vector<void*> OS::allocate_locked_pages(size_t count) |
500 | 0 | { |
501 | 0 | std::vector<void*> result; |
502 | |
|
503 | 0 | #if (defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)) || defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
504 | |
|
505 | 0 | result.reserve(count); |
506 | |
|
507 | 0 | const size_t page_size = OS::system_page_size(); |
508 | |
|
509 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
510 | 0 | static const int locked_fd = get_locked_fd(); |
511 | 0 | #endif |
512 | |
|
513 | 0 | for(size_t i = 0; i != count; ++i) |
514 | 0 | { |
515 | 0 | void* ptr = nullptr; |
516 | |
|
517 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
518 | |
|
519 | | #if !defined(MAP_ANONYMOUS) |
520 | | #define MAP_ANONYMOUS MAP_ANON |
521 | | #endif |
522 | |
|
523 | 0 | #if !defined(MAP_NOCORE) |
524 | | #if defined(MAP_CONCEAL) |
525 | | #define MAP_NOCORE MAP_CONCEAL |
526 | | #else |
527 | 0 | #define MAP_NOCORE 0 |
528 | 0 | #endif |
529 | 0 | #endif |
530 | |
|
531 | 0 | #if !defined(PROT_MAX) |
532 | 0 | #define PROT_MAX(p) 0 |
533 | 0 | #endif |
534 | 0 | const int pflags = PROT_READ | PROT_WRITE; |
535 | |
|
536 | 0 | ptr = ::mmap(nullptr, 3*page_size, |
537 | 0 | pflags | PROT_MAX(pflags), |
538 | 0 | MAP_ANONYMOUS | MAP_PRIVATE | MAP_NOCORE, |
539 | 0 | /*fd=*/locked_fd, /*offset=*/0); |
540 | |
|
541 | 0 | if(ptr == MAP_FAILED) |
542 | 0 | { |
543 | 0 | continue; |
544 | 0 | } |
545 | | |
546 | | // lock the data page |
547 | 0 | if(::mlock(static_cast<uint8_t*>(ptr) + page_size, page_size) != 0) |
548 | 0 | { |
549 | 0 | ::munmap(ptr, 3*page_size); |
550 | 0 | continue; |
551 | 0 | } |
552 | | |
553 | 0 | #if defined(MADV_DONTDUMP) |
554 | | // we ignore errors here, as DONTDUMP is just a bonus |
555 | 0 | ::madvise(static_cast<uint8_t*>(ptr) + page_size, page_size, MADV_DONTDUMP); |
556 | 0 | #endif |
557 | |
|
558 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
559 | | ptr = ::VirtualAlloc(nullptr, 3*page_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); |
560 | | |
561 | | if(ptr == nullptr) |
562 | | continue; |
563 | | |
564 | | if(::VirtualLock(static_cast<uint8_t*>(ptr) + page_size, page_size) == 0) |
565 | | { |
566 | | ::VirtualFree(ptr, 0, MEM_RELEASE); |
567 | | continue; |
568 | | } |
569 | | #endif |
570 | |
|
571 | 0 | std::memset(ptr, 0, 3*page_size); // zero data page and both guard pages |
572 | | |
573 | | // Make guard page preceeding the data page |
574 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr)); |
575 | | // Make guard page following the data page |
576 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr) + 2*page_size); |
577 | |
|
578 | 0 | result.push_back(static_cast<uint8_t*>(ptr) + page_size); |
579 | 0 | } |
580 | | #else |
581 | | BOTAN_UNUSED(count); |
582 | | #endif |
583 | |
|
584 | 0 | return result; |
585 | 0 | } |
586 | | |
587 | | void OS::page_allow_access(void* page) |
588 | 0 | { |
589 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
590 | 0 | const size_t page_size = OS::system_page_size(); |
591 | 0 | ::mprotect(page, page_size, PROT_READ | PROT_WRITE); |
592 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
593 | | const size_t page_size = OS::system_page_size(); |
594 | | DWORD old_perms = 0; |
595 | | ::VirtualProtect(page, page_size, PAGE_READWRITE, &old_perms); |
596 | | BOTAN_UNUSED(old_perms); |
597 | | #else |
598 | | BOTAN_UNUSED(page); |
599 | | #endif |
600 | 0 | } |
601 | | |
602 | | void OS::page_prohibit_access(void* page) |
603 | 0 | { |
604 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
605 | 0 | const size_t page_size = OS::system_page_size(); |
606 | 0 | ::mprotect(page, page_size, PROT_NONE); |
607 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
608 | | const size_t page_size = OS::system_page_size(); |
609 | | DWORD old_perms = 0; |
610 | | ::VirtualProtect(page, page_size, PAGE_NOACCESS, &old_perms); |
611 | | BOTAN_UNUSED(old_perms); |
612 | | #else |
613 | | BOTAN_UNUSED(page); |
614 | | #endif |
615 | 0 | } |
616 | | |
617 | | void OS::free_locked_pages(const std::vector<void*>& pages) |
618 | 0 | { |
619 | 0 | const size_t page_size = OS::system_page_size(); |
620 | |
|
621 | 0 | for(size_t i = 0; i != pages.size(); ++i) |
622 | 0 | { |
623 | 0 | void* ptr = pages[i]; |
624 | |
|
625 | 0 | secure_scrub_memory(ptr, page_size); |
626 | | |
627 | | // ptr points to the data page, guard pages are before and after |
628 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) - page_size); |
629 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) + page_size); |
630 | |
|
631 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
632 | 0 | ::munlock(ptr, page_size); |
633 | 0 | ::munmap(static_cast<uint8_t*>(ptr) - page_size, 3*page_size); |
634 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
635 | | ::VirtualUnlock(ptr, page_size); |
636 | | ::VirtualFree(static_cast<uint8_t*>(ptr) - page_size, 0, MEM_RELEASE); |
637 | | #endif |
638 | 0 | } |
639 | 0 | } |
640 | | |
641 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
642 | | |
643 | | namespace { |
644 | | |
645 | | static ::sigjmp_buf g_sigill_jmp_buf; |
646 | | |
647 | | void botan_sigill_handler(int) |
648 | 0 | { |
649 | 0 | siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/1); |
650 | 0 | } |
651 | | |
652 | | } |
653 | | |
654 | | #endif |
655 | | |
656 | | int OS::run_cpu_instruction_probe(std::function<int ()> probe_fn) |
657 | 0 | { |
658 | 0 | volatile int probe_result = -3; |
659 | |
|
660 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
661 | 0 | struct sigaction old_sigaction; |
662 | 0 | struct sigaction sigaction; |
663 | |
|
664 | 0 | sigaction.sa_handler = botan_sigill_handler; |
665 | 0 | sigemptyset(&sigaction.sa_mask); |
666 | 0 | sigaction.sa_flags = 0; |
667 | |
|
668 | 0 | int rc = ::sigaction(SIGILL, &sigaction, &old_sigaction); |
669 | |
|
670 | 0 | if(rc != 0) |
671 | 0 | throw System_Error("run_cpu_instruction_probe sigaction failed", errno); |
672 | | |
673 | 0 | rc = sigsetjmp(g_sigill_jmp_buf, /*save sigs*/1); |
674 | |
|
675 | 0 | if(rc == 0) |
676 | 0 | { |
677 | | // first call to sigsetjmp |
678 | 0 | probe_result = probe_fn(); |
679 | 0 | } |
680 | 0 | else if(rc == 1) |
681 | 0 | { |
682 | | // non-local return from siglongjmp in signal handler: return error |
683 | 0 | probe_result = -1; |
684 | 0 | } |
685 | | |
686 | | // Restore old SIGILL handler, if any |
687 | 0 | rc = ::sigaction(SIGILL, &old_sigaction, nullptr); |
688 | 0 | if(rc != 0) |
689 | 0 | throw System_Error("run_cpu_instruction_probe sigaction restore failed", errno); |
690 | | |
691 | | #else |
692 | | BOTAN_UNUSED(probe_fn); |
693 | | #endif |
694 | | |
695 | 0 | return probe_result; |
696 | 0 | } |
697 | | |
698 | | std::unique_ptr<OS::Echo_Suppression> OS::suppress_echo_on_terminal() |
699 | 0 | { |
700 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
701 | 0 | class POSIX_Echo_Suppression : public Echo_Suppression |
702 | 0 | { |
703 | 0 | public: |
704 | 0 | POSIX_Echo_Suppression() |
705 | 0 | { |
706 | 0 | m_stdin_fd = fileno(stdin); |
707 | 0 | if(::tcgetattr(m_stdin_fd, &m_old_termios) != 0) |
708 | 0 | throw System_Error("Getting terminal status failed", errno); |
709 | | |
710 | 0 | struct termios noecho_flags = m_old_termios; |
711 | 0 | noecho_flags.c_lflag &= ~ECHO; |
712 | 0 | noecho_flags.c_lflag |= ECHONL; |
713 | |
|
714 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &noecho_flags) != 0) |
715 | 0 | throw System_Error("Clearing terminal echo bit failed", errno); |
716 | 0 | } |
717 | |
|
718 | 0 | void reenable_echo() override |
719 | 0 | { |
720 | 0 | if(m_stdin_fd > 0) |
721 | 0 | { |
722 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &m_old_termios) != 0) |
723 | 0 | throw System_Error("Restoring terminal echo bit failed", errno); |
724 | 0 | m_stdin_fd = -1; |
725 | 0 | } |
726 | 0 | } |
727 | |
|
728 | 0 | ~POSIX_Echo_Suppression() |
729 | 0 | { |
730 | 0 | try |
731 | 0 | { |
732 | 0 | reenable_echo(); |
733 | 0 | } |
734 | 0 | catch(...) |
735 | 0 | { |
736 | 0 | } |
737 | 0 | } |
738 | |
|
739 | 0 | private: |
740 | 0 | int m_stdin_fd; |
741 | 0 | struct termios m_old_termios; |
742 | 0 | }; |
743 | |
|
744 | 0 | return std::unique_ptr<Echo_Suppression>(new POSIX_Echo_Suppression); |
745 | |
|
746 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
747 | | |
748 | | class Win32_Echo_Suppression : public Echo_Suppression |
749 | | { |
750 | | public: |
751 | | Win32_Echo_Suppression() |
752 | | { |
753 | | m_input_handle = ::GetStdHandle(STD_INPUT_HANDLE); |
754 | | if(::GetConsoleMode(m_input_handle, &m_console_state) == 0) |
755 | | throw System_Error("Getting console mode failed", ::GetLastError()); |
756 | | |
757 | | DWORD new_mode = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; |
758 | | if(::SetConsoleMode(m_input_handle, new_mode) == 0) |
759 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
760 | | } |
761 | | |
762 | | void reenable_echo() override |
763 | | { |
764 | | if(m_input_handle != INVALID_HANDLE_VALUE) |
765 | | { |
766 | | if(::SetConsoleMode(m_input_handle, m_console_state) == 0) |
767 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
768 | | m_input_handle = INVALID_HANDLE_VALUE; |
769 | | } |
770 | | } |
771 | | |
772 | | ~Win32_Echo_Suppression() |
773 | | { |
774 | | try |
775 | | { |
776 | | reenable_echo(); |
777 | | } |
778 | | catch(...) |
779 | | { |
780 | | } |
781 | | } |
782 | | |
783 | | private: |
784 | | HANDLE m_input_handle; |
785 | | DWORD m_console_state; |
786 | | }; |
787 | | |
788 | | return std::unique_ptr<Echo_Suppression>(new Win32_Echo_Suppression); |
789 | | |
790 | | #else |
791 | | |
792 | | // Not supported on this platform, return null |
793 | | return std::unique_ptr<Echo_Suppression>(); |
794 | | #endif |
795 | 0 | } |
796 | | |
797 | | } |