/src/botan/src/lib/utils/os_utils.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * OS and machine specific utility functions |
3 | | * (C) 2015,2016,2017,2018 Jack Lloyd |
4 | | * (C) 2016 Daniel Neus |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/os_utils.h> |
10 | | #include <botan/internal/cpuid.h> |
11 | | #include <botan/exceptn.h> |
12 | | #include <botan/mem_ops.h> |
13 | | |
14 | | #include <algorithm> |
15 | | #include <chrono> |
16 | | #include <cstdlib> |
17 | | |
18 | | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
19 | | #include <thread> |
20 | | #endif |
21 | | |
22 | | #if defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
23 | | #include <string.h> |
24 | | #endif |
25 | | |
26 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
27 | | #include <sys/types.h> |
28 | | #include <sys/resource.h> |
29 | | #include <sys/mman.h> |
30 | | #include <signal.h> |
31 | | #include <stdlib.h> |
32 | | #include <setjmp.h> |
33 | | #include <unistd.h> |
34 | | #include <errno.h> |
35 | | #include <termios.h> |
36 | | #undef B0 |
37 | | #endif |
38 | | |
39 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
40 | | #include <emscripten/emscripten.h> |
41 | | #endif |
42 | | |
43 | | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) || defined(BOTAN_TARGET_OS_IS_ANDROID) || \ |
44 | | defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
45 | | #include <sys/auxv.h> |
46 | | #endif |
47 | | |
48 | | #if defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
49 | | #include <dlfcn.h> |
50 | | #include <elf.h> |
51 | | #endif |
52 | | |
53 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
54 | | #define NOMINMAX 1 |
55 | | #define _WINSOCKAPI_ // stop windows.h including winsock.h |
56 | | #include <windows.h> |
57 | | #endif |
58 | | |
59 | | #if defined(BOTAN_TARGET_OS_IS_ANDROID) |
60 | | #include <elf.h> |
61 | | extern "C" char **environ; |
62 | | #endif |
63 | | |
64 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
65 | | #include <sys/types.h> |
66 | | #include <sys/sysctl.h> |
67 | | #include <mach/vm_statistics.h> |
68 | | #endif |
69 | | |
70 | | namespace Botan { |
71 | | |
72 | | // Not defined in OS namespace for historical reasons |
73 | | void secure_scrub_memory(void* ptr, size_t n) |
74 | 84.1M | { |
75 | | #if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) |
76 | | ::RtlSecureZeroMemory(ptr, n); |
77 | | |
78 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
79 | | ::explicit_bzero(ptr, n); |
80 | | |
81 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) |
82 | | (void)::explicit_memset(ptr, 0, n); |
83 | | |
84 | | #elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1) |
85 | | /* |
86 | | Call memset through a static volatile pointer, which the compiler |
87 | | should not elide. This construct should be safe in conforming |
88 | | compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and |
89 | | Clang 3.8 both create code that saves the memset address in the |
90 | | data segment and unconditionally loads and jumps to that address. |
91 | | */ |
92 | 84.1M | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; |
93 | 84.1M | (memset_ptr)(ptr, 0, n); |
94 | | #else |
95 | | |
96 | | volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr); |
97 | | |
98 | | for(size_t i = 0; i != n; ++i) |
99 | | p[i] = 0; |
100 | | #endif |
101 | 84.1M | } |
102 | | |
103 | | uint32_t OS::get_process_id() |
104 | 488k | { |
105 | 488k | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
106 | 488k | return ::getpid(); |
107 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
108 | | return ::GetCurrentProcessId(); |
109 | | #elif defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) |
110 | | return 0; // truly no meaningful value |
111 | | #else |
112 | | #error "Missing get_process_id" |
113 | | #endif |
114 | 488k | } |
115 | | |
116 | | size_t OS::get_cache_line_size() |
117 | 0 | { |
118 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
119 | | unsigned long cache_line_size_vl; |
120 | | size_t size = sizeof(cache_line_size_vl); |
121 | | if(::sysctlbyname("hw.cachelinesize", &cache_line_size_vl, &size, nullptr, 0) == 0) |
122 | | return static_cast<size_t>(cache_line_size_vl); |
123 | | #endif |
124 | |
|
125 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_LEVEL1_DCACHE_LINESIZE) |
126 | 0 | const long res = ::sysconf(_SC_LEVEL1_DCACHE_LINESIZE); |
127 | 0 | if(res > 0) |
128 | 0 | return static_cast<size_t>(res); |
129 | 0 | #endif |
130 | | |
131 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
132 | | |
133 | | #if defined(AT_L1D_CACHEGEOMETRY) |
134 | | // Cache line size is bottom 16 bits |
135 | | const unsigned long dcache_info = OS::get_auxval(AT_L1D_CACHEGEOMETRY); |
136 | | if(dcache_info != 0) |
137 | | return static_cast<size_t>(dcache_info & 0xFFFF); |
138 | | #endif |
139 | | |
140 | 0 | #if defined(AT_DCACHEBSIZE) |
141 | 0 | const unsigned long dcache_bsize = OS::get_auxval(AT_DCACHEBSIZE); |
142 | 0 | if(dcache_bsize != 0) |
143 | 0 | return static_cast<size_t>(dcache_bsize); |
144 | 0 | #endif |
145 | | |
146 | 0 | #endif |
147 | | |
148 | | // TODO: on Windows this is returned by GetLogicalProcessorInformation |
149 | | |
150 | | // not available on this platform |
151 | 0 | return 0; |
152 | 0 | } |
153 | | |
154 | | unsigned long OS::get_auxval(unsigned long id) |
155 | 0 | { |
156 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
157 | 0 | return ::getauxval(id); |
158 | | #elif defined(BOTAN_TARGET_OS_IS_ANDROID) && defined(BOTAN_TARGET_ARCH_IS_ARM32) |
159 | | |
160 | | if(id == 0) |
161 | | return 0; |
162 | | |
163 | | char **p = environ; |
164 | | |
165 | | while(*p++ != nullptr) |
166 | | ; |
167 | | |
168 | | Elf32_auxv_t *e = reinterpret_cast<Elf32_auxv_t*>(p); |
169 | | |
170 | | while(e != nullptr) |
171 | | { |
172 | | if(e->a_type == id) |
173 | | return e->a_un.a_val; |
174 | | e++; |
175 | | } |
176 | | |
177 | | return 0; |
178 | | #elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
179 | | unsigned long auxinfo = 0; |
180 | | ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo)); |
181 | | return auxinfo; |
182 | | #elif defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
183 | | for (const AuxInfo *auxinfo = static_cast<AuxInfo *>(::_dlauxinfo()); auxinfo != AT_NULL; ++auxinfo) |
184 | | { |
185 | | if (id == auxinfo->a_type) |
186 | | return auxinfo->a_v; |
187 | | } |
188 | | |
189 | | return 0; |
190 | | #else |
191 | | BOTAN_UNUSED(id); |
192 | | return 0; |
193 | | #endif |
194 | 0 | } |
195 | | |
196 | | bool OS::running_in_privileged_state() |
197 | 0 | { |
198 | 0 | #if defined(AT_SECURE) |
199 | 0 | return OS::get_auxval(AT_SECURE) != 0; |
200 | | #elif defined(BOTAN_TARGET_OS_HAS_POSIX1) |
201 | | return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); |
202 | | #else |
203 | | return false; |
204 | | #endif |
205 | 0 | } |
206 | | |
207 | | uint64_t OS::get_cpu_cycle_counter() |
208 | 0 | { |
209 | 0 | uint64_t rtc = 0; |
210 | |
|
211 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
212 | | LARGE_INTEGER tv; |
213 | | ::QueryPerformanceCounter(&tv); |
214 | | rtc = tv.QuadPart; |
215 | | |
216 | | #elif defined(BOTAN_USE_GCC_INLINE_ASM) |
217 | |
|
218 | 0 | #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) |
219 | |
|
220 | 0 | if(CPUID::has_rdtsc()) |
221 | 0 | { |
222 | 0 | uint32_t rtc_low = 0, rtc_high = 0; |
223 | 0 | asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); |
224 | 0 | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
225 | 0 | } |
226 | |
|
227 | | #elif defined(BOTAN_TARGET_ARCH_IS_PPC64) |
228 | | |
229 | | for(;;) |
230 | | { |
231 | | uint32_t rtc_low = 0, rtc_high = 0, rtc_high2 = 0; |
232 | | asm volatile("mftbu %0" : "=r" (rtc_high)); |
233 | | asm volatile("mftb %0" : "=r" (rtc_low)); |
234 | | asm volatile("mftbu %0" : "=r" (rtc_high2)); |
235 | | |
236 | | if(rtc_high == rtc_high2) |
237 | | { |
238 | | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
239 | | break; |
240 | | } |
241 | | } |
242 | | |
243 | | #elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) |
244 | | asm volatile("rpcc %0" : "=r" (rtc)); |
245 | | |
246 | | // OpenBSD does not trap access to the %tick register |
247 | | #elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD) |
248 | | asm volatile("rd %%tick, %0" : "=r" (rtc)); |
249 | | |
250 | | #elif defined(BOTAN_TARGET_ARCH_IS_IA64) |
251 | | asm volatile("mov %0=ar.itc" : "=r" (rtc)); |
252 | | |
253 | | #elif defined(BOTAN_TARGET_ARCH_IS_S390X) |
254 | | asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc"); |
255 | | |
256 | | #elif defined(BOTAN_TARGET_ARCH_IS_HPPA) |
257 | | asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only? |
258 | | |
259 | | #elif defined(BOTAN_TARGET_ARCH_IS_ARM64) && defined(BOTAN_TARGET_OS_IS_MACOS) |
260 | | asm volatile("isb; mrs %0, cntvct_el0" : "=r" (rtc)); |
261 | | |
262 | | #else |
263 | | //#warning "OS::get_cpu_cycle_counter not implemented" |
264 | | #endif |
265 | |
|
266 | 0 | #endif |
267 | |
|
268 | 0 | return rtc; |
269 | 0 | } |
270 | | |
271 | | size_t OS::get_cpu_total() |
272 | 0 | { |
273 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_CONF) |
274 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_CONF); |
275 | 0 | if(res > 0) |
276 | 0 | return static_cast<size_t>(res); |
277 | 0 | #endif |
278 | | |
279 | 0 | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
280 | 0 | return static_cast<size_t>(std::thread::hardware_concurrency()); |
281 | | #else |
282 | | return 1; |
283 | | #endif |
284 | 0 | } |
285 | | |
286 | | size_t OS::get_cpu_available() |
287 | 0 | { |
288 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_ONLN) |
289 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_ONLN); |
290 | 0 | if(res > 0) |
291 | 0 | return static_cast<size_t>(res); |
292 | 0 | #endif |
293 | | |
294 | 0 | return OS::get_cpu_total(); |
295 | 0 | } |
296 | | |
297 | | uint64_t OS::get_high_resolution_clock() |
298 | 0 | { |
299 | 0 | if(uint64_t cpu_clock = OS::get_cpu_cycle_counter()) |
300 | 0 | return cpu_clock; |
301 | | |
302 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
303 | | return emscripten_get_now(); |
304 | | #endif |
305 | | |
306 | | /* |
307 | | If we got here either we either don't have an asm instruction |
308 | | above, or (for x86) RDTSC is not available at runtime. Try some |
309 | | clock_gettimes and return the first one that works, or otherwise |
310 | | fall back to std::chrono. |
311 | | */ |
312 | | |
313 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
314 | | |
315 | | // The ordering here is somewhat arbitrary... |
316 | 0 | const clockid_t clock_types[] = { |
317 | | #if defined(CLOCK_MONOTONIC_HR) |
318 | | CLOCK_MONOTONIC_HR, |
319 | | #endif |
320 | 0 | #if defined(CLOCK_MONOTONIC_RAW) |
321 | 0 | CLOCK_MONOTONIC_RAW, |
322 | 0 | #endif |
323 | 0 | #if defined(CLOCK_MONOTONIC) |
324 | 0 | CLOCK_MONOTONIC, |
325 | 0 | #endif |
326 | 0 | #if defined(CLOCK_PROCESS_CPUTIME_ID) |
327 | 0 | CLOCK_PROCESS_CPUTIME_ID, |
328 | 0 | #endif |
329 | 0 | #if defined(CLOCK_THREAD_CPUTIME_ID) |
330 | 0 | CLOCK_THREAD_CPUTIME_ID, |
331 | 0 | #endif |
332 | 0 | }; |
333 | |
|
334 | 0 | for(clockid_t clock : clock_types) |
335 | 0 | { |
336 | 0 | struct timespec ts; |
337 | 0 | if(::clock_gettime(clock, &ts) == 0) |
338 | 0 | { |
339 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
340 | 0 | } |
341 | 0 | } |
342 | 0 | #endif |
343 | | |
344 | | // Plain C++11 fallback |
345 | 0 | auto now = std::chrono::high_resolution_clock::now().time_since_epoch(); |
346 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
347 | 0 | } |
348 | | |
349 | | uint64_t OS::get_system_timestamp_ns() |
350 | 0 | { |
351 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
352 | 0 | struct timespec ts; |
353 | 0 | if(::clock_gettime(CLOCK_REALTIME, &ts) == 0) |
354 | 0 | { |
355 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
356 | 0 | } |
357 | 0 | #endif |
358 | | |
359 | 0 | auto now = std::chrono::system_clock::now().time_since_epoch(); |
360 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
361 | 0 | } |
362 | | |
363 | | size_t OS::system_page_size() |
364 | 0 | { |
365 | 0 | const size_t default_page_size = 4096; |
366 | |
|
367 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
368 | 0 | long p = ::sysconf(_SC_PAGESIZE); |
369 | 0 | if(p > 1) |
370 | 0 | return static_cast<size_t>(p); |
371 | 0 | else |
372 | 0 | return default_page_size; |
373 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
374 | | BOTAN_UNUSED(default_page_size); |
375 | | SYSTEM_INFO sys_info; |
376 | | ::GetSystemInfo(&sys_info); |
377 | | return sys_info.dwPageSize; |
378 | | #else |
379 | | return default_page_size; |
380 | | #endif |
381 | 0 | } |
382 | | |
383 | | size_t OS::get_memory_locking_limit() |
384 | 0 | { |
385 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) && defined(RLIMIT_MEMLOCK) |
386 | | /* |
387 | | * If RLIMIT_MEMLOCK is not defined, likely the OS does not support |
388 | | * unprivileged mlock calls. |
389 | | * |
390 | | * Linux defaults to only 64 KiB of mlockable memory per process |
391 | | * (too small) but BSDs offer a small fraction of total RAM (more |
392 | | * than we need). Bound the total mlock size to 512 KiB which is |
393 | | * enough to run the entire test suite without spilling to non-mlock |
394 | | * memory (and thus presumably also enough for many useful |
395 | | * programs), but small enough that we should not cause problems |
396 | | * even if many processes are mlocking on the same machine. |
397 | | */ |
398 | 0 | const size_t user_req = read_env_variable_sz("BOTAN_MLOCK_POOL_SIZE", BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
399 | |
|
400 | 0 | const size_t mlock_requested = std::min<size_t>(user_req, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
401 | |
|
402 | 0 | if(mlock_requested > 0) |
403 | 0 | { |
404 | 0 | struct ::rlimit limits; |
405 | |
|
406 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
407 | |
|
408 | 0 | if(limits.rlim_cur < limits.rlim_max) |
409 | 0 | { |
410 | 0 | limits.rlim_cur = limits.rlim_max; |
411 | 0 | ::setrlimit(RLIMIT_MEMLOCK, &limits); |
412 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
413 | 0 | } |
414 | |
|
415 | 0 | return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); |
416 | 0 | } |
417 | | |
418 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
419 | | SIZE_T working_min = 0, working_max = 0; |
420 | | if(!::GetProcessWorkingSetSize(::GetCurrentProcess(), &working_min, &working_max)) |
421 | | { |
422 | | return 0; |
423 | | } |
424 | | |
425 | | // According to Microsoft MSDN: |
426 | | // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead |
427 | | // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages |
428 | | // But the information in the book seems to be inaccurate/outdated |
429 | | // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 |
430 | | // On all three OS the value is 11 instead of 8 |
431 | | const size_t overhead = OS::system_page_size() * 11; |
432 | | if(working_min > overhead) |
433 | | { |
434 | | const size_t lockable_bytes = working_min - overhead; |
435 | | return std::min<size_t>(lockable_bytes, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024); |
436 | | } |
437 | | #endif |
438 | | |
439 | | // Not supported on this platform |
440 | 0 | return 0; |
441 | 0 | } |
442 | | |
443 | | bool OS::read_env_variable(std::string& value_out, const std::string& name) |
444 | 0 | { |
445 | 0 | value_out = ""; |
446 | |
|
447 | 0 | if(running_in_privileged_state()) |
448 | 0 | return false; |
449 | | |
450 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
451 | | char val[128] = { 0 }; |
452 | | size_t req_size = 0; |
453 | | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) |
454 | | { |
455 | | value_out = std::string(val, req_size); |
456 | | return true; |
457 | | } |
458 | | #else |
459 | 0 | if(const char* val = std::getenv(name.c_str())) |
460 | 0 | { |
461 | 0 | value_out = val; |
462 | 0 | return true; |
463 | 0 | } |
464 | 0 | #endif |
465 | | |
466 | 0 | return false; |
467 | 0 | } |
468 | | |
469 | | size_t OS::read_env_variable_sz(const std::string& name, size_t def) |
470 | 0 | { |
471 | 0 | std::string value; |
472 | 0 | if(read_env_variable(value, name)) |
473 | 0 | { |
474 | 0 | try |
475 | 0 | { |
476 | 0 | const size_t val = std::stoul(value, nullptr); |
477 | 0 | return val; |
478 | 0 | } |
479 | 0 | catch(std::exception&) { /* ignore it */ } |
480 | 0 | } |
481 | |
|
482 | 0 | return def; |
483 | 0 | } |
484 | | |
485 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
486 | | |
487 | | namespace { |
488 | | |
489 | | int get_locked_fd() |
490 | 0 | { |
491 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
492 | | // On Darwin, tagging anonymous pages allows vmmap to track these. |
493 | | // Allowed from 240 to 255 for userland applications |
494 | | static constexpr int default_locked_fd = 255; |
495 | | int locked_fd = default_locked_fd; |
496 | | |
497 | | if(size_t locked_fdl = OS::read_env_variable_sz("BOTAN_LOCKED_FD", default_locked_fd)) |
498 | | { |
499 | | if(locked_fdl < 240 || locked_fdl > 255) |
500 | | { |
501 | | locked_fdl = default_locked_fd; |
502 | | } |
503 | | locked_fd = static_cast<int>(locked_fdl); |
504 | | } |
505 | | return VM_MAKE_TAG(locked_fd); |
506 | | #else |
507 | 0 | return -1; |
508 | 0 | #endif |
509 | 0 | } |
510 | | |
511 | | } |
512 | | |
513 | | #endif |
514 | | |
515 | | std::vector<void*> OS::allocate_locked_pages(size_t count) |
516 | 0 | { |
517 | 0 | std::vector<void*> result; |
518 | |
|
519 | 0 | #if (defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)) || defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
520 | |
|
521 | 0 | result.reserve(count); |
522 | |
|
523 | 0 | const size_t page_size = OS::system_page_size(); |
524 | |
|
525 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
526 | 0 | static const int locked_fd = get_locked_fd(); |
527 | 0 | #endif |
528 | |
|
529 | 0 | for(size_t i = 0; i != count; ++i) |
530 | 0 | { |
531 | 0 | void* ptr = nullptr; |
532 | |
|
533 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
534 | |
|
535 | | #if !defined(MAP_ANONYMOUS) |
536 | | #define MAP_ANONYMOUS MAP_ANON |
537 | | #endif |
538 | |
|
539 | 0 | #if !defined(MAP_NOCORE) |
540 | | #if defined(MAP_CONCEAL) |
541 | | #define MAP_NOCORE MAP_CONCEAL |
542 | | #else |
543 | 0 | #define MAP_NOCORE 0 |
544 | 0 | #endif |
545 | 0 | #endif |
546 | |
|
547 | 0 | #if !defined(PROT_MAX) |
548 | 0 | #define PROT_MAX(p) 0 |
549 | 0 | #endif |
550 | 0 | const int pflags = PROT_READ | PROT_WRITE; |
551 | |
|
552 | 0 | ptr = ::mmap(nullptr, 3*page_size, |
553 | 0 | pflags | PROT_MAX(pflags), |
554 | 0 | MAP_ANONYMOUS | MAP_PRIVATE | MAP_NOCORE, |
555 | 0 | /*fd=*/locked_fd, /*offset=*/0); |
556 | |
|
557 | 0 | if(ptr == MAP_FAILED) |
558 | 0 | { |
559 | 0 | continue; |
560 | 0 | } |
561 | | |
562 | | // lock the data page |
563 | 0 | if(::mlock(static_cast<uint8_t*>(ptr) + page_size, page_size) != 0) |
564 | 0 | { |
565 | 0 | ::munmap(ptr, 3*page_size); |
566 | 0 | continue; |
567 | 0 | } |
568 | | |
569 | 0 | #if defined(MADV_DONTDUMP) |
570 | | // we ignore errors here, as DONTDUMP is just a bonus |
571 | 0 | ::madvise(static_cast<uint8_t*>(ptr) + page_size, page_size, MADV_DONTDUMP); |
572 | 0 | #endif |
573 | |
|
574 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
575 | | ptr = ::VirtualAlloc(nullptr, 3*page_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); |
576 | | |
577 | | if(ptr == nullptr) |
578 | | continue; |
579 | | |
580 | | if(::VirtualLock(static_cast<uint8_t*>(ptr) + page_size, page_size) == 0) |
581 | | { |
582 | | ::VirtualFree(ptr, 0, MEM_RELEASE); |
583 | | continue; |
584 | | } |
585 | | #endif |
586 | |
|
587 | 0 | std::memset(ptr, 0, 3*page_size); // zero data page and both guard pages |
588 | | |
589 | | // Make guard page preceeding the data page |
590 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr)); |
591 | | // Make guard page following the data page |
592 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr) + 2*page_size); |
593 | |
|
594 | 0 | result.push_back(static_cast<uint8_t*>(ptr) + page_size); |
595 | 0 | } |
596 | | #else |
597 | | BOTAN_UNUSED(count); |
598 | | #endif |
599 | |
|
600 | 0 | return result; |
601 | 0 | } |
602 | | |
603 | | void OS::page_allow_access(void* page) |
604 | 0 | { |
605 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
606 | 0 | const size_t page_size = OS::system_page_size(); |
607 | 0 | ::mprotect(page, page_size, PROT_READ | PROT_WRITE); |
608 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
609 | | const size_t page_size = OS::system_page_size(); |
610 | | DWORD old_perms = 0; |
611 | | ::VirtualProtect(page, page_size, PAGE_READWRITE, &old_perms); |
612 | | BOTAN_UNUSED(old_perms); |
613 | | #else |
614 | | BOTAN_UNUSED(page); |
615 | | #endif |
616 | 0 | } |
617 | | |
618 | | void OS::page_prohibit_access(void* page) |
619 | 0 | { |
620 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
621 | 0 | const size_t page_size = OS::system_page_size(); |
622 | 0 | ::mprotect(page, page_size, PROT_NONE); |
623 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
624 | | const size_t page_size = OS::system_page_size(); |
625 | | DWORD old_perms = 0; |
626 | | ::VirtualProtect(page, page_size, PAGE_NOACCESS, &old_perms); |
627 | | BOTAN_UNUSED(old_perms); |
628 | | #else |
629 | | BOTAN_UNUSED(page); |
630 | | #endif |
631 | 0 | } |
632 | | |
633 | | void OS::free_locked_pages(const std::vector<void*>& pages) |
634 | 0 | { |
635 | 0 | const size_t page_size = OS::system_page_size(); |
636 | |
|
637 | 0 | for(size_t i = 0; i != pages.size(); ++i) |
638 | 0 | { |
639 | 0 | void* ptr = pages[i]; |
640 | |
|
641 | 0 | secure_scrub_memory(ptr, page_size); |
642 | | |
643 | | // ptr points to the data page, guard pages are before and after |
644 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) - page_size); |
645 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) + page_size); |
646 | |
|
647 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
648 | 0 | ::munlock(ptr, page_size); |
649 | 0 | ::munmap(static_cast<uint8_t*>(ptr) - page_size, 3*page_size); |
650 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
651 | | ::VirtualUnlock(ptr, page_size); |
652 | | ::VirtualFree(static_cast<uint8_t*>(ptr) - page_size, 0, MEM_RELEASE); |
653 | | #endif |
654 | 0 | } |
655 | 0 | } |
656 | | |
657 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
658 | | |
659 | | namespace { |
660 | | |
661 | | static ::sigjmp_buf g_sigill_jmp_buf; |
662 | | |
663 | | void botan_sigill_handler(int) |
664 | 0 | { |
665 | 0 | siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/1); |
666 | 0 | } |
667 | | |
668 | | } |
669 | | |
670 | | #endif |
671 | | |
672 | | int OS::run_cpu_instruction_probe(std::function<int ()> probe_fn) |
673 | 0 | { |
674 | 0 | volatile int probe_result = -3; |
675 | |
|
676 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
677 | 0 | struct sigaction old_sigaction; |
678 | 0 | struct sigaction sigaction; |
679 | |
|
680 | 0 | sigaction.sa_handler = botan_sigill_handler; |
681 | 0 | sigemptyset(&sigaction.sa_mask); |
682 | 0 | sigaction.sa_flags = 0; |
683 | |
|
684 | 0 | int rc = ::sigaction(SIGILL, &sigaction, &old_sigaction); |
685 | |
|
686 | 0 | if(rc != 0) |
687 | 0 | throw System_Error("run_cpu_instruction_probe sigaction failed", errno); |
688 | | |
689 | 0 | rc = sigsetjmp(g_sigill_jmp_buf, /*save sigs*/1); |
690 | |
|
691 | 0 | if(rc == 0) |
692 | 0 | { |
693 | | // first call to sigsetjmp |
694 | 0 | probe_result = probe_fn(); |
695 | 0 | } |
696 | 0 | else if(rc == 1) |
697 | 0 | { |
698 | | // non-local return from siglongjmp in signal handler: return error |
699 | 0 | probe_result = -1; |
700 | 0 | } |
701 | | |
702 | | // Restore old SIGILL handler, if any |
703 | 0 | rc = ::sigaction(SIGILL, &old_sigaction, nullptr); |
704 | 0 | if(rc != 0) |
705 | 0 | throw System_Error("run_cpu_instruction_probe sigaction restore failed", errno); |
706 | | |
707 | | #else |
708 | | BOTAN_UNUSED(probe_fn); |
709 | | #endif |
710 | | |
711 | 0 | return probe_result; |
712 | 0 | } |
713 | | |
714 | | std::unique_ptr<OS::Echo_Suppression> OS::suppress_echo_on_terminal() |
715 | 0 | { |
716 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
717 | 0 | class POSIX_Echo_Suppression : public Echo_Suppression |
718 | 0 | { |
719 | 0 | public: |
720 | 0 | POSIX_Echo_Suppression() |
721 | 0 | { |
722 | 0 | m_stdin_fd = fileno(stdin); |
723 | 0 | if(::tcgetattr(m_stdin_fd, &m_old_termios) != 0) |
724 | 0 | throw System_Error("Getting terminal status failed", errno); |
725 | | |
726 | 0 | struct termios noecho_flags = m_old_termios; |
727 | 0 | noecho_flags.c_lflag &= ~ECHO; |
728 | 0 | noecho_flags.c_lflag |= ECHONL; |
729 | |
|
730 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &noecho_flags) != 0) |
731 | 0 | throw System_Error("Clearing terminal echo bit failed", errno); |
732 | 0 | } |
733 | |
|
734 | 0 | void reenable_echo() override |
735 | 0 | { |
736 | 0 | if(m_stdin_fd > 0) |
737 | 0 | { |
738 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &m_old_termios) != 0) |
739 | 0 | throw System_Error("Restoring terminal echo bit failed", errno); |
740 | 0 | m_stdin_fd = -1; |
741 | 0 | } |
742 | 0 | } |
743 | |
|
744 | 0 | ~POSIX_Echo_Suppression() |
745 | 0 | { |
746 | 0 | try |
747 | 0 | { |
748 | 0 | reenable_echo(); |
749 | 0 | } |
750 | 0 | catch(...) |
751 | 0 | { |
752 | 0 | } |
753 | 0 | } |
754 | |
|
755 | 0 | private: |
756 | 0 | int m_stdin_fd; |
757 | 0 | struct termios m_old_termios; |
758 | 0 | }; |
759 | |
|
760 | 0 | return std::unique_ptr<Echo_Suppression>(new POSIX_Echo_Suppression); |
761 | |
|
762 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
763 | | |
764 | | class Win32_Echo_Suppression : public Echo_Suppression |
765 | | { |
766 | | public: |
767 | | Win32_Echo_Suppression() |
768 | | { |
769 | | m_input_handle = ::GetStdHandle(STD_INPUT_HANDLE); |
770 | | if(::GetConsoleMode(m_input_handle, &m_console_state) == 0) |
771 | | throw System_Error("Getting console mode failed", ::GetLastError()); |
772 | | |
773 | | DWORD new_mode = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; |
774 | | if(::SetConsoleMode(m_input_handle, new_mode) == 0) |
775 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
776 | | } |
777 | | |
778 | | void reenable_echo() override |
779 | | { |
780 | | if(m_input_handle != INVALID_HANDLE_VALUE) |
781 | | { |
782 | | if(::SetConsoleMode(m_input_handle, m_console_state) == 0) |
783 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
784 | | m_input_handle = INVALID_HANDLE_VALUE; |
785 | | } |
786 | | } |
787 | | |
788 | | ~Win32_Echo_Suppression() |
789 | | { |
790 | | try |
791 | | { |
792 | | reenable_echo(); |
793 | | } |
794 | | catch(...) |
795 | | { |
796 | | } |
797 | | } |
798 | | |
799 | | private: |
800 | | HANDLE m_input_handle; |
801 | | DWORD m_console_state; |
802 | | }; |
803 | | |
804 | | return std::unique_ptr<Echo_Suppression>(new Win32_Echo_Suppression); |
805 | | |
806 | | #else |
807 | | |
808 | | // Not supported on this platform, return null |
809 | | return std::unique_ptr<Echo_Suppression>(); |
810 | | #endif |
811 | 0 | } |
812 | | |
813 | | } |