/src/botan/src/lib/utils/os_utils.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * OS and machine specific utility functions |
3 | | * (C) 2015,2016,2017,2018 Jack Lloyd |
4 | | * (C) 2016 Daniel Neus |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/os_utils.h> |
10 | | #include <botan/internal/cpuid.h> |
11 | | #include <botan/exceptn.h> |
12 | | #include <botan/mem_ops.h> |
13 | | |
14 | | #include <algorithm> |
15 | | #include <chrono> |
16 | | #include <cstdlib> |
17 | | |
18 | | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
19 | | #include <thread> |
20 | | #endif |
21 | | |
22 | | #if defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
23 | | #include <string.h> |
24 | | #endif |
25 | | |
26 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
27 | | #include <sys/types.h> |
28 | | #include <sys/resource.h> |
29 | | #include <sys/mman.h> |
30 | | #include <signal.h> |
31 | | #include <stdlib.h> |
32 | | #include <setjmp.h> |
33 | | #include <unistd.h> |
34 | | #include <errno.h> |
35 | | #include <termios.h> |
36 | | #undef B0 |
37 | | #endif |
38 | | |
39 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
40 | | #include <emscripten/emscripten.h> |
41 | | #endif |
42 | | |
43 | | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) || defined(BOTAN_TARGET_OS_IS_ANDROID) || \ |
44 | | defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
45 | | #include <sys/auxv.h> |
46 | | #endif |
47 | | |
48 | | #if defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
49 | | #include <dlfcn.h> |
50 | | #include <elf.h> |
51 | | #endif |
52 | | |
53 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
54 | | #define NOMINMAX 1 |
55 | | #define _WINSOCKAPI_ // stop windows.h including winsock.h |
56 | | #include <windows.h> |
57 | | #endif |
58 | | |
59 | | #if defined(BOTAN_TARGET_OS_IS_ANDROID) |
60 | | #include <elf.h> |
61 | | extern "C" char **environ; |
62 | | #endif |
63 | | |
64 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
65 | | #include <sys/types.h> |
66 | | #include <sys/sysctl.h> |
67 | | #include <mach/vm_statistics.h> |
68 | | #endif |
69 | | |
70 | | namespace Botan { |
71 | | |
72 | | // Not defined in OS namespace for historical reasons |
73 | | void secure_scrub_memory(void* ptr, size_t n) |
74 | 84.3M | { |
75 | | #if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) |
76 | | ::RtlSecureZeroMemory(ptr, n); |
77 | | |
78 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
79 | | ::explicit_bzero(ptr, n); |
80 | | |
81 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) |
82 | | (void)::explicit_memset(ptr, 0, n); |
83 | | |
84 | | #elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1) |
85 | | /* |
86 | | Call memset through a static volatile pointer, which the compiler |
87 | | should not elide. This construct should be safe in conforming |
88 | | compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and |
89 | | Clang 3.8 both create code that saves the memset address in the |
90 | | data segment and unconditionally loads and jumps to that address. |
91 | | */ |
92 | 84.3M | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; |
93 | 84.3M | (memset_ptr)(ptr, 0, n); |
94 | | #else |
95 | | |
96 | | volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr); |
97 | | |
98 | | for(size_t i = 0; i != n; ++i) |
99 | | p[i] = 0; |
100 | | #endif |
101 | 84.3M | } |
102 | | |
103 | | uint32_t OS::get_process_id() |
104 | 477k | { |
105 | 477k | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
106 | 477k | return ::getpid(); |
107 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
108 | | return ::GetCurrentProcessId(); |
109 | | #elif defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) |
110 | | return 0; // truly no meaningful value |
111 | | #else |
112 | | #error "Missing get_process_id" |
113 | | #endif |
114 | 477k | } |
115 | | |
116 | | size_t OS::get_cache_line_size() |
117 | 0 | { |
118 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
119 | | unsigned long cache_line_size_vl; |
120 | | size_t size = sizeof(cache_line_size_vl); |
121 | | if(::sysctlbyname("hw.cachelinesize", &cache_line_size_vl, &size, nullptr, 0) == 0) |
122 | | return static_cast<size_t>(cache_line_size_vl); |
123 | | #endif |
124 | |
|
125 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_LEVEL1_DCACHE_LINESIZE) |
126 | 0 | const long res = ::sysconf(_SC_LEVEL1_DCACHE_LINESIZE); |
127 | 0 | if(res > 0) |
128 | 0 | return static_cast<size_t>(res); |
129 | 0 | #endif |
130 | | |
131 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
132 | | |
133 | | #if defined(AT_L1D_CACHEGEOMETRY) |
134 | | // Cache line size is bottom 16 bits |
135 | | const unsigned long dcache_info = OS::get_auxval(AT_L1D_CACHEGEOMETRY); |
136 | | if(dcache_info != 0) |
137 | | return static_cast<size_t>(dcache_info & 0xFFFF); |
138 | | #endif |
139 | | |
140 | 0 | #if defined(AT_DCACHEBSIZE) |
141 | 0 | const unsigned long dcache_bsize = OS::get_auxval(AT_DCACHEBSIZE); |
142 | 0 | if(dcache_bsize != 0) |
143 | 0 | return static_cast<size_t>(dcache_bsize); |
144 | 0 | #endif |
145 | | |
146 | 0 | #endif |
147 | | |
148 | | // TODO: on Windows this is returned by GetLogicalProcessorInformation |
149 | | |
150 | | // not available on this platform |
151 | 0 | return 0; |
152 | 0 | } |
153 | | |
154 | | unsigned long OS::get_auxval(unsigned long id) |
155 | 0 | { |
156 | 0 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
157 | 0 | return ::getauxval(id); |
158 | | #elif defined(BOTAN_TARGET_OS_IS_ANDROID) && defined(BOTAN_TARGET_ARCH_IS_ARM32) |
159 | | |
160 | | if(id == 0) |
161 | | return 0; |
162 | | |
163 | | char **p = environ; |
164 | | |
165 | | while(*p++ != nullptr) |
166 | | ; |
167 | | |
168 | | Elf32_auxv_t *e = reinterpret_cast<Elf32_auxv_t*>(p); |
169 | | |
170 | | while(e != nullptr) |
171 | | { |
172 | | if(e->a_type == id) |
173 | | return e->a_un.a_val; |
174 | | e++; |
175 | | } |
176 | | |
177 | | return 0; |
178 | | #elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
179 | | unsigned long auxinfo = 0; |
180 | | ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo)); |
181 | | return auxinfo; |
182 | | #elif defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
183 | | for (const AuxInfo *auxinfo = static_cast<AuxInfo *>(::_dlauxinfo()); auxinfo != AT_NULL; ++auxinfo) |
184 | | { |
185 | | if (id == auxinfo->a_type) |
186 | | return auxinfo->a_v; |
187 | | } |
188 | | |
189 | | return 0; |
190 | | #else |
191 | | BOTAN_UNUSED(id); |
192 | | return 0; |
193 | | #endif |
194 | 0 | } |
195 | | |
196 | | bool OS::running_in_privileged_state() |
197 | 0 | { |
198 | 0 | #if defined(AT_SECURE) |
199 | 0 | return OS::get_auxval(AT_SECURE) != 0; |
200 | | #elif defined(BOTAN_TARGET_OS_HAS_POSIX1) |
201 | | return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); |
202 | | #else |
203 | | return false; |
204 | | #endif |
205 | 0 | } |
206 | | |
207 | | uint64_t OS::get_cpu_cycle_counter() |
208 | 0 | { |
209 | 0 | uint64_t rtc = 0; |
210 | |
|
211 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
212 | | LARGE_INTEGER tv; |
213 | | ::QueryPerformanceCounter(&tv); |
214 | | rtc = tv.QuadPart; |
215 | | |
216 | | #elif defined(BOTAN_USE_GCC_INLINE_ASM) |
217 | |
|
218 | 0 | #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) |
219 | |
|
220 | 0 | if(CPUID::has_rdtsc()) |
221 | 0 | { |
222 | 0 | uint32_t rtc_low = 0, rtc_high = 0; |
223 | 0 | asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); |
224 | 0 | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
225 | 0 | } |
226 | |
|
227 | | #elif defined(BOTAN_TARGET_ARCH_IS_PPC64) |
228 | | |
229 | | for(;;) |
230 | | { |
231 | | uint32_t rtc_low = 0, rtc_high = 0, rtc_high2 = 0; |
232 | | asm volatile("mftbu %0" : "=r" (rtc_high)); |
233 | | asm volatile("mftb %0" : "=r" (rtc_low)); |
234 | | asm volatile("mftbu %0" : "=r" (rtc_high2)); |
235 | | |
236 | | if(rtc_high == rtc_high2) |
237 | | { |
238 | | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
239 | | break; |
240 | | } |
241 | | } |
242 | | |
243 | | #elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) |
244 | | asm volatile("rpcc %0" : "=r" (rtc)); |
245 | | |
246 | | // OpenBSD does not trap access to the %tick register |
247 | | #elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD) |
248 | | asm volatile("rd %%tick, %0" : "=r" (rtc)); |
249 | | |
250 | | #elif defined(BOTAN_TARGET_ARCH_IS_IA64) |
251 | | asm volatile("mov %0=ar.itc" : "=r" (rtc)); |
252 | | |
253 | | #elif defined(BOTAN_TARGET_ARCH_IS_S390X) |
254 | | asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc"); |
255 | | |
256 | | #elif defined(BOTAN_TARGET_ARCH_IS_HPPA) |
257 | | asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only? |
258 | | |
259 | | #else |
260 | | //#warning "OS::get_cpu_cycle_counter not implemented" |
261 | | #endif |
262 | |
|
263 | 0 | #endif |
264 | |
|
265 | 0 | return rtc; |
266 | 0 | } |
267 | | |
268 | | size_t OS::get_cpu_total() |
269 | 0 | { |
270 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_CONF) |
271 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_CONF); |
272 | 0 | if(res > 0) |
273 | 0 | return static_cast<size_t>(res); |
274 | 0 | #endif |
275 | | |
276 | 0 | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
277 | 0 | return static_cast<size_t>(std::thread::hardware_concurrency()); |
278 | | #else |
279 | | return 1; |
280 | | #endif |
281 | 0 | } |
282 | | |
283 | | size_t OS::get_cpu_available() |
284 | 0 | { |
285 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(_SC_NPROCESSORS_ONLN) |
286 | 0 | const long res = ::sysconf(_SC_NPROCESSORS_ONLN); |
287 | 0 | if(res > 0) |
288 | 0 | return static_cast<size_t>(res); |
289 | 0 | #endif |
290 | | |
291 | 0 | return OS::get_cpu_total(); |
292 | 0 | } |
293 | | |
294 | | uint64_t OS::get_high_resolution_clock() |
295 | 0 | { |
296 | 0 | if(uint64_t cpu_clock = OS::get_cpu_cycle_counter()) |
297 | 0 | return cpu_clock; |
298 | | |
299 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
300 | | return emscripten_get_now(); |
301 | | #endif |
302 | | |
303 | | /* |
304 | | If we got here either we either don't have an asm instruction |
305 | | above, or (for x86) RDTSC is not available at runtime. Try some |
306 | | clock_gettimes and return the first one that works, or otherwise |
307 | | fall back to std::chrono. |
308 | | */ |
309 | | |
310 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
311 | | |
312 | | // The ordering here is somewhat arbitrary... |
313 | 0 | const clockid_t clock_types[] = { |
314 | | #if defined(CLOCK_MONOTONIC_HR) |
315 | | CLOCK_MONOTONIC_HR, |
316 | | #endif |
317 | 0 | #if defined(CLOCK_MONOTONIC_RAW) |
318 | 0 | CLOCK_MONOTONIC_RAW, |
319 | 0 | #endif |
320 | 0 | #if defined(CLOCK_MONOTONIC) |
321 | 0 | CLOCK_MONOTONIC, |
322 | 0 | #endif |
323 | 0 | #if defined(CLOCK_PROCESS_CPUTIME_ID) |
324 | 0 | CLOCK_PROCESS_CPUTIME_ID, |
325 | 0 | #endif |
326 | 0 | #if defined(CLOCK_THREAD_CPUTIME_ID) |
327 | 0 | CLOCK_THREAD_CPUTIME_ID, |
328 | 0 | #endif |
329 | 0 | }; |
330 | |
|
331 | 0 | for(clockid_t clock : clock_types) |
332 | 0 | { |
333 | 0 | struct timespec ts; |
334 | 0 | if(::clock_gettime(clock, &ts) == 0) |
335 | 0 | { |
336 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
337 | 0 | } |
338 | 0 | } |
339 | 0 | #endif |
340 | | |
341 | | // Plain C++11 fallback |
342 | 0 | auto now = std::chrono::high_resolution_clock::now().time_since_epoch(); |
343 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
344 | 0 | } |
345 | | |
346 | | uint64_t OS::get_system_timestamp_ns() |
347 | 0 | { |
348 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
349 | 0 | struct timespec ts; |
350 | 0 | if(::clock_gettime(CLOCK_REALTIME, &ts) == 0) |
351 | 0 | { |
352 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
353 | 0 | } |
354 | 0 | #endif |
355 | | |
356 | 0 | auto now = std::chrono::system_clock::now().time_since_epoch(); |
357 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
358 | 0 | } |
359 | | |
360 | | size_t OS::system_page_size() |
361 | 0 | { |
362 | 0 | const size_t default_page_size = 4096; |
363 | |
|
364 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
365 | 0 | long p = ::sysconf(_SC_PAGESIZE); |
366 | 0 | if(p > 1) |
367 | 0 | return static_cast<size_t>(p); |
368 | 0 | else |
369 | 0 | return default_page_size; |
370 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
371 | | BOTAN_UNUSED(default_page_size); |
372 | | SYSTEM_INFO sys_info; |
373 | | ::GetSystemInfo(&sys_info); |
374 | | return sys_info.dwPageSize; |
375 | | #else |
376 | | return default_page_size; |
377 | | #endif |
378 | 0 | } |
379 | | |
380 | | size_t OS::get_memory_locking_limit() |
381 | 0 | { |
382 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) && defined(RLIMIT_MEMLOCK) |
383 | | /* |
384 | | * If RLIMIT_MEMLOCK is not defined, likely the OS does not support |
385 | | * unprivileged mlock calls. |
386 | | * |
387 | | * Linux defaults to only 64 KiB of mlockable memory per process |
388 | | * (too small) but BSDs offer a small fraction of total RAM (more |
389 | | * than we need). Bound the total mlock size to 512 KiB which is |
390 | | * enough to run the entire test suite without spilling to non-mlock |
391 | | * memory (and thus presumably also enough for many useful |
392 | | * programs), but small enough that we should not cause problems |
393 | | * even if many processes are mlocking on the same machine. |
394 | | */ |
395 | 0 | const size_t user_req = read_env_variable_sz("BOTAN_MLOCK_POOL_SIZE", BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
396 | |
|
397 | 0 | const size_t mlock_requested = std::min<size_t>(user_req, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB); |
398 | |
|
399 | 0 | if(mlock_requested > 0) |
400 | 0 | { |
401 | 0 | struct ::rlimit limits; |
402 | |
|
403 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
404 | |
|
405 | 0 | if(limits.rlim_cur < limits.rlim_max) |
406 | 0 | { |
407 | 0 | limits.rlim_cur = limits.rlim_max; |
408 | 0 | ::setrlimit(RLIMIT_MEMLOCK, &limits); |
409 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
410 | 0 | } |
411 | |
|
412 | 0 | return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); |
413 | 0 | } |
414 | | |
415 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
416 | | SIZE_T working_min = 0, working_max = 0; |
417 | | if(!::GetProcessWorkingSetSize(::GetCurrentProcess(), &working_min, &working_max)) |
418 | | { |
419 | | return 0; |
420 | | } |
421 | | |
422 | | // According to Microsoft MSDN: |
423 | | // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead |
424 | | // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages |
425 | | // But the information in the book seems to be inaccurate/outdated |
426 | | // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 |
427 | | // On all three OS the value is 11 instead of 8 |
428 | | const size_t overhead = OS::system_page_size() * 11; |
429 | | if(working_min > overhead) |
430 | | { |
431 | | const size_t lockable_bytes = working_min - overhead; |
432 | | return std::min<size_t>(lockable_bytes, BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024); |
433 | | } |
434 | | #endif |
435 | | |
436 | | // Not supported on this platform |
437 | 0 | return 0; |
438 | 0 | } |
439 | | |
440 | | bool OS::read_env_variable(std::string& value_out, const std::string& name) |
441 | 0 | { |
442 | 0 | value_out = ""; |
443 | |
|
444 | 0 | if(running_in_privileged_state()) |
445 | 0 | return false; |
446 | | |
447 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
448 | | char val[128] = { 0 }; |
449 | | size_t req_size = 0; |
450 | | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) |
451 | | { |
452 | | value_out = std::string(val, req_size); |
453 | | return true; |
454 | | } |
455 | | #else |
456 | 0 | if(const char* val = std::getenv(name.c_str())) |
457 | 0 | { |
458 | 0 | value_out = val; |
459 | 0 | return true; |
460 | 0 | } |
461 | 0 | #endif |
462 | | |
463 | 0 | return false; |
464 | 0 | } |
465 | | |
466 | | size_t OS::read_env_variable_sz(const std::string& name, size_t def) |
467 | 0 | { |
468 | 0 | std::string value; |
469 | 0 | if(read_env_variable(value, name)) |
470 | 0 | { |
471 | 0 | try |
472 | 0 | { |
473 | 0 | const size_t val = std::stoul(value, nullptr); |
474 | 0 | return val; |
475 | 0 | } |
476 | 0 | catch(std::exception&) { /* ignore it */ } |
477 | 0 | } |
478 | |
|
479 | 0 | return def; |
480 | 0 | } |
481 | | |
482 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
483 | | |
484 | | namespace { |
485 | | |
486 | | int get_locked_fd() |
487 | 0 | { |
488 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
489 | | // On Darwin, tagging anonymous pages allows vmmap to track these. |
490 | | // Allowed from 240 to 255 for userland applications |
491 | | static constexpr int default_locked_fd = 255; |
492 | | int locked_fd = default_locked_fd; |
493 | | |
494 | | if(size_t locked_fdl = OS::read_env_variable_sz("BOTAN_LOCKED_FD", default_locked_fd)) |
495 | | { |
496 | | if(locked_fdl < 240 || locked_fdl > 255) |
497 | | { |
498 | | locked_fdl = default_locked_fd; |
499 | | } |
500 | | locked_fd = static_cast<int>(locked_fdl); |
501 | | } |
502 | | return VM_MAKE_TAG(locked_fd); |
503 | | #else |
504 | 0 | return -1; |
505 | 0 | #endif |
506 | 0 | } |
507 | | |
508 | | } |
509 | | |
510 | | #endif |
511 | | |
512 | | std::vector<void*> OS::allocate_locked_pages(size_t count) |
513 | 0 | { |
514 | 0 | std::vector<void*> result; |
515 | |
|
516 | 0 | #if (defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)) || defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
517 | |
|
518 | 0 | result.reserve(count); |
519 | |
|
520 | 0 | const size_t page_size = OS::system_page_size(); |
521 | |
|
522 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
523 | 0 | static const int locked_fd = get_locked_fd(); |
524 | 0 | #endif |
525 | |
|
526 | 0 | for(size_t i = 0; i != count; ++i) |
527 | 0 | { |
528 | 0 | void* ptr = nullptr; |
529 | |
|
530 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
531 | |
|
532 | | #if !defined(MAP_ANONYMOUS) |
533 | | #define MAP_ANONYMOUS MAP_ANON |
534 | | #endif |
535 | |
|
536 | 0 | #if !defined(MAP_NOCORE) |
537 | | #if defined(MAP_CONCEAL) |
538 | | #define MAP_NOCORE MAP_CONCEAL |
539 | | #else |
540 | 0 | #define MAP_NOCORE 0 |
541 | 0 | #endif |
542 | 0 | #endif |
543 | |
|
544 | 0 | #if !defined(PROT_MAX) |
545 | 0 | #define PROT_MAX(p) 0 |
546 | 0 | #endif |
547 | 0 | const int pflags = PROT_READ | PROT_WRITE; |
548 | |
|
549 | 0 | ptr = ::mmap(nullptr, 3*page_size, |
550 | 0 | pflags | PROT_MAX(pflags), |
551 | 0 | MAP_ANONYMOUS | MAP_PRIVATE | MAP_NOCORE, |
552 | 0 | /*fd=*/locked_fd, /*offset=*/0); |
553 | |
|
554 | 0 | if(ptr == MAP_FAILED) |
555 | 0 | { |
556 | 0 | continue; |
557 | 0 | } |
558 | | |
559 | | // lock the data page |
560 | 0 | if(::mlock(static_cast<uint8_t*>(ptr) + page_size, page_size) != 0) |
561 | 0 | { |
562 | 0 | ::munmap(ptr, 3*page_size); |
563 | 0 | continue; |
564 | 0 | } |
565 | | |
566 | 0 | #if defined(MADV_DONTDUMP) |
567 | | // we ignore errors here, as DONTDUMP is just a bonus |
568 | 0 | ::madvise(static_cast<uint8_t*>(ptr) + page_size, page_size, MADV_DONTDUMP); |
569 | 0 | #endif |
570 | |
|
571 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
572 | | ptr = ::VirtualAlloc(nullptr, 3*page_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); |
573 | | |
574 | | if(ptr == nullptr) |
575 | | continue; |
576 | | |
577 | | if(::VirtualLock(static_cast<uint8_t*>(ptr) + page_size, page_size) == 0) |
578 | | { |
579 | | ::VirtualFree(ptr, 0, MEM_RELEASE); |
580 | | continue; |
581 | | } |
582 | | #endif |
583 | |
|
584 | 0 | std::memset(ptr, 0, 3*page_size); // zero data page and both guard pages |
585 | | |
586 | | // Make guard page preceeding the data page |
587 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr)); |
588 | | // Make guard page following the data page |
589 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr) + 2*page_size); |
590 | |
|
591 | 0 | result.push_back(static_cast<uint8_t*>(ptr) + page_size); |
592 | 0 | } |
593 | | #else |
594 | | BOTAN_UNUSED(count); |
595 | | #endif |
596 | |
|
597 | 0 | return result; |
598 | 0 | } |
599 | | |
600 | | void OS::page_allow_access(void* page) |
601 | 0 | { |
602 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
603 | 0 | const size_t page_size = OS::system_page_size(); |
604 | 0 | ::mprotect(page, page_size, PROT_READ | PROT_WRITE); |
605 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
606 | | const size_t page_size = OS::system_page_size(); |
607 | | DWORD old_perms = 0; |
608 | | ::VirtualProtect(page, page_size, PAGE_READWRITE, &old_perms); |
609 | | BOTAN_UNUSED(old_perms); |
610 | | #else |
611 | | BOTAN_UNUSED(page); |
612 | | #endif |
613 | 0 | } |
614 | | |
615 | | void OS::page_prohibit_access(void* page) |
616 | 0 | { |
617 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
618 | 0 | const size_t page_size = OS::system_page_size(); |
619 | 0 | ::mprotect(page, page_size, PROT_NONE); |
620 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
621 | | const size_t page_size = OS::system_page_size(); |
622 | | DWORD old_perms = 0; |
623 | | ::VirtualProtect(page, page_size, PAGE_NOACCESS, &old_perms); |
624 | | BOTAN_UNUSED(old_perms); |
625 | | #else |
626 | | BOTAN_UNUSED(page); |
627 | | #endif |
628 | 0 | } |
629 | | |
630 | | void OS::free_locked_pages(const std::vector<void*>& pages) |
631 | 0 | { |
632 | 0 | const size_t page_size = OS::system_page_size(); |
633 | |
|
634 | 0 | for(size_t i = 0; i != pages.size(); ++i) |
635 | 0 | { |
636 | 0 | void* ptr = pages[i]; |
637 | |
|
638 | 0 | secure_scrub_memory(ptr, page_size); |
639 | | |
640 | | // ptr points to the data page, guard pages are before and after |
641 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) - page_size); |
642 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) + page_size); |
643 | |
|
644 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
645 | 0 | ::munlock(ptr, page_size); |
646 | 0 | ::munmap(static_cast<uint8_t*>(ptr) - page_size, 3*page_size); |
647 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
648 | | ::VirtualUnlock(ptr, page_size); |
649 | | ::VirtualFree(static_cast<uint8_t*>(ptr) - page_size, 0, MEM_RELEASE); |
650 | | #endif |
651 | 0 | } |
652 | 0 | } |
653 | | |
654 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
655 | | |
656 | | namespace { |
657 | | |
658 | | static ::sigjmp_buf g_sigill_jmp_buf; |
659 | | |
660 | | void botan_sigill_handler(int) |
661 | 0 | { |
662 | 0 | siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/1); |
663 | 0 | } |
664 | | |
665 | | } |
666 | | |
667 | | #endif |
668 | | |
669 | | int OS::run_cpu_instruction_probe(std::function<int ()> probe_fn) |
670 | 0 | { |
671 | 0 | volatile int probe_result = -3; |
672 | |
|
673 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
674 | 0 | struct sigaction old_sigaction; |
675 | 0 | struct sigaction sigaction; |
676 | |
|
677 | 0 | sigaction.sa_handler = botan_sigill_handler; |
678 | 0 | sigemptyset(&sigaction.sa_mask); |
679 | 0 | sigaction.sa_flags = 0; |
680 | |
|
681 | 0 | int rc = ::sigaction(SIGILL, &sigaction, &old_sigaction); |
682 | |
|
683 | 0 | if(rc != 0) |
684 | 0 | throw System_Error("run_cpu_instruction_probe sigaction failed", errno); |
685 | | |
686 | 0 | rc = sigsetjmp(g_sigill_jmp_buf, /*save sigs*/1); |
687 | |
|
688 | 0 | if(rc == 0) |
689 | 0 | { |
690 | | // first call to sigsetjmp |
691 | 0 | probe_result = probe_fn(); |
692 | 0 | } |
693 | 0 | else if(rc == 1) |
694 | 0 | { |
695 | | // non-local return from siglongjmp in signal handler: return error |
696 | 0 | probe_result = -1; |
697 | 0 | } |
698 | | |
699 | | // Restore old SIGILL handler, if any |
700 | 0 | rc = ::sigaction(SIGILL, &old_sigaction, nullptr); |
701 | 0 | if(rc != 0) |
702 | 0 | throw System_Error("run_cpu_instruction_probe sigaction restore failed", errno); |
703 | | |
704 | | #else |
705 | | BOTAN_UNUSED(probe_fn); |
706 | | #endif |
707 | | |
708 | 0 | return probe_result; |
709 | 0 | } |
710 | | |
711 | | std::unique_ptr<OS::Echo_Suppression> OS::suppress_echo_on_terminal() |
712 | 0 | { |
713 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
714 | 0 | class POSIX_Echo_Suppression : public Echo_Suppression |
715 | 0 | { |
716 | 0 | public: |
717 | 0 | POSIX_Echo_Suppression() |
718 | 0 | { |
719 | 0 | m_stdin_fd = fileno(stdin); |
720 | 0 | if(::tcgetattr(m_stdin_fd, &m_old_termios) != 0) |
721 | 0 | throw System_Error("Getting terminal status failed", errno); |
722 | | |
723 | 0 | struct termios noecho_flags = m_old_termios; |
724 | 0 | noecho_flags.c_lflag &= ~ECHO; |
725 | 0 | noecho_flags.c_lflag |= ECHONL; |
726 | |
|
727 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &noecho_flags) != 0) |
728 | 0 | throw System_Error("Clearing terminal echo bit failed", errno); |
729 | 0 | } |
730 | |
|
731 | 0 | void reenable_echo() override |
732 | 0 | { |
733 | 0 | if(m_stdin_fd > 0) |
734 | 0 | { |
735 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &m_old_termios) != 0) |
736 | 0 | throw System_Error("Restoring terminal echo bit failed", errno); |
737 | 0 | m_stdin_fd = -1; |
738 | 0 | } |
739 | 0 | } |
740 | |
|
741 | 0 | ~POSIX_Echo_Suppression() |
742 | 0 | { |
743 | 0 | try |
744 | 0 | { |
745 | 0 | reenable_echo(); |
746 | 0 | } |
747 | 0 | catch(...) |
748 | 0 | { |
749 | 0 | } |
750 | 0 | } |
751 | |
|
752 | 0 | private: |
753 | 0 | int m_stdin_fd; |
754 | 0 | struct termios m_old_termios; |
755 | 0 | }; |
756 | |
|
757 | 0 | return std::make_unique<POSIX_Echo_Suppression>(); |
758 | |
|
759 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
760 | | |
761 | | class Win32_Echo_Suppression : public Echo_Suppression |
762 | | { |
763 | | public: |
764 | | Win32_Echo_Suppression() |
765 | | { |
766 | | m_input_handle = ::GetStdHandle(STD_INPUT_HANDLE); |
767 | | if(::GetConsoleMode(m_input_handle, &m_console_state) == 0) |
768 | | throw System_Error("Getting console mode failed", ::GetLastError()); |
769 | | |
770 | | DWORD new_mode = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; |
771 | | if(::SetConsoleMode(m_input_handle, new_mode) == 0) |
772 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
773 | | } |
774 | | |
775 | | void reenable_echo() override |
776 | | { |
777 | | if(m_input_handle != INVALID_HANDLE_VALUE) |
778 | | { |
779 | | if(::SetConsoleMode(m_input_handle, m_console_state) == 0) |
780 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
781 | | m_input_handle = INVALID_HANDLE_VALUE; |
782 | | } |
783 | | } |
784 | | |
785 | | ~Win32_Echo_Suppression() |
786 | | { |
787 | | try |
788 | | { |
789 | | reenable_echo(); |
790 | | } |
791 | | catch(...) |
792 | | { |
793 | | } |
794 | | } |
795 | | |
796 | | private: |
797 | | HANDLE m_input_handle; |
798 | | DWORD m_console_state; |
799 | | }; |
800 | | |
801 | | return std::make_unique<Win32_Echo_Suppression>(); |
802 | | |
803 | | #else |
804 | | |
805 | | // Not supported on this platform, return null |
806 | | return nullptr; |
807 | | #endif |
808 | 0 | } |
809 | | |
810 | | } |