/src/botan/src/lib/utils/os_utils.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * OS and machine specific utility functions |
3 | | * (C) 2015,2016,2017,2018 Jack Lloyd |
4 | | * (C) 2016 Daniel Neus |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/os_utils.h> |
10 | | |
11 | | #include <botan/exceptn.h> |
12 | | #include <botan/mem_ops.h> |
13 | | #include <botan/internal/cpuid.h> |
14 | | |
15 | | #include <algorithm> |
16 | | #include <chrono> |
17 | | #include <cstdlib> |
18 | | #include <iomanip> |
19 | | #include <sstream> |
20 | | |
21 | | #if defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
22 | | #include <string.h> |
23 | | #endif |
24 | | |
25 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
26 | | #include <errno.h> |
27 | | #include <pthread.h> |
28 | | #include <setjmp.h> |
29 | | #include <signal.h> |
30 | | #include <stdlib.h> |
31 | | #include <sys/mman.h> |
32 | | #include <sys/resource.h> |
33 | | #include <sys/types.h> |
34 | | #include <termios.h> |
35 | | #include <unistd.h> |
36 | | #undef B0 |
37 | | #endif |
38 | | |
39 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
40 | | #include <emscripten/emscripten.h> |
41 | | #endif |
42 | | |
43 | | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) || defined(BOTAN_TARGET_OS_IS_ANDROID) || \ |
44 | | defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
45 | | #include <sys/auxv.h> |
46 | | #endif |
47 | | |
48 | | #if defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
49 | | #include <dlfcn.h> |
50 | | #include <elf.h> |
51 | | #endif |
52 | | |
53 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
54 | | #define NOMINMAX 1 |
55 | | #define _WINSOCKAPI_ // stop windows.h including winsock.h |
56 | | #include <windows.h> |
57 | | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
58 | | #include <libloaderapi.h> |
59 | | #include <stringapiset.h> |
60 | | #endif |
61 | | #endif |
62 | | |
63 | | #if defined(BOTAN_TARGET_OS_IS_ANDROID) |
64 | | #include <elf.h> |
65 | | extern "C" char** environ; |
66 | | #endif |
67 | | |
68 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
69 | | #include <mach/vm_statistics.h> |
70 | | #include <sys/sysctl.h> |
71 | | #include <sys/types.h> |
72 | | #endif |
73 | | |
74 | | #if defined(BOTAN_TARGET_OS_HAS_PRCTL) |
75 | | #include <sys/prctl.h> |
76 | | #endif |
77 | | |
78 | | #if defined(BOTAN_TARGET_OS_IS_FREEBSD) || defined(BOTAN_TARGET_OS_IS_OPENBSD) || defined(BOTAN_TARGET_OS_IS_DRAGONFLY) |
79 | | #include <pthread_np.h> |
80 | | #endif |
81 | | |
82 | | #if defined(BOTAN_TARGET_OS_IS_HAIKU) |
83 | | #include <kernel/OS.h> |
84 | | #endif |
85 | | |
86 | | namespace Botan { |
87 | | |
88 | | // Not defined in OS namespace for historical reasons |
89 | 15.3M | void secure_scrub_memory(void* ptr, size_t n) { |
90 | | #if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) |
91 | | ::RtlSecureZeroMemory(ptr, n); |
92 | | |
93 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) |
94 | 15.3M | ::explicit_bzero(ptr, n); |
95 | | |
96 | | #elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) |
97 | | (void)::explicit_memset(ptr, 0, n); |
98 | | |
99 | | #elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1) |
100 | | /* |
101 | | Call memset through a static volatile pointer, which the compiler |
102 | | should not elide. This construct should be safe in conforming |
103 | | compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and |
104 | | Clang 3.8 both create code that saves the memset address in the |
105 | | data segment and unconditionally loads and jumps to that address. |
106 | | */ |
107 | | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; |
108 | | (memset_ptr)(ptr, 0, n); |
109 | | #else |
110 | | |
111 | | volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr); |
112 | | |
113 | | for(size_t i = 0; i != n; ++i) |
114 | | p[i] = 0; |
115 | | #endif |
116 | 15.3M | } |
117 | | |
118 | 293 | uint32_t OS::get_process_id() { |
119 | 293 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
120 | 293 | return ::getpid(); |
121 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
122 | | return ::GetCurrentProcessId(); |
123 | | #elif defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) |
124 | | return 0; // truly no meaningful value |
125 | | #else |
126 | | #error "Missing get_process_id" |
127 | | #endif |
128 | 293 | } |
129 | | |
130 | 2 | unsigned long OS::get_auxval(unsigned long id) { |
131 | 2 | #if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) |
132 | 2 | return ::getauxval(id); |
133 | | #elif defined(BOTAN_TARGET_OS_IS_ANDROID) && defined(BOTAN_TARGET_ARCH_IS_ARM32) |
134 | | |
135 | | if(id == 0) |
136 | | return 0; |
137 | | |
138 | | char** p = environ; |
139 | | |
140 | | while(*p++ != nullptr) |
141 | | ; |
142 | | |
143 | | Elf32_auxv_t* e = reinterpret_cast<Elf32_auxv_t*>(p); |
144 | | |
145 | | while(e != nullptr) { |
146 | | if(e->a_type == id) |
147 | | return e->a_un.a_val; |
148 | | e++; |
149 | | } |
150 | | |
151 | | return 0; |
152 | | #elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) |
153 | | unsigned long auxinfo = 0; |
154 | | ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo)); |
155 | | return auxinfo; |
156 | | #elif defined(BOTAN_TARGET_OS_HAS_AUXINFO) |
157 | | for(const AuxInfo* auxinfo = static_cast<AuxInfo*>(::_dlauxinfo()); auxinfo != AT_NULL; ++auxinfo) { |
158 | | if(id == auxinfo->a_type) |
159 | | return auxinfo->a_v; |
160 | | } |
161 | | |
162 | | return 0; |
163 | | #else |
164 | | BOTAN_UNUSED(id); |
165 | | return 0; |
166 | | #endif |
167 | 2 | } |
168 | | |
169 | 2 | bool OS::running_in_privileged_state() { |
170 | 2 | #if defined(AT_SECURE) |
171 | 2 | return OS::get_auxval(AT_SECURE) != 0; |
172 | | #elif defined(BOTAN_TARGET_OS_HAS_POSIX1) |
173 | | return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); |
174 | | #else |
175 | | return false; |
176 | | #endif |
177 | 2 | } |
178 | | |
179 | 0 | uint64_t OS::get_cpu_cycle_counter() { |
180 | 0 | uint64_t rtc = 0; |
181 | |
|
182 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
183 | | LARGE_INTEGER tv; |
184 | | ::QueryPerformanceCounter(&tv); |
185 | | rtc = tv.QuadPart; |
186 | | |
187 | | #elif defined(BOTAN_USE_GCC_INLINE_ASM) |
188 | |
|
189 | 0 | #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) |
190 | |
|
191 | 0 | if(CPUID::has_rdtsc()) { |
192 | 0 | uint32_t rtc_low = 0, rtc_high = 0; |
193 | 0 | asm volatile("rdtsc" : "=d"(rtc_high), "=a"(rtc_low)); |
194 | 0 | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
195 | 0 | } |
196 | |
|
197 | | #elif defined(BOTAN_TARGET_ARCH_IS_PPC64) |
198 | | |
199 | | for(;;) { |
200 | | uint32_t rtc_low = 0, rtc_high = 0, rtc_high2 = 0; |
201 | | asm volatile("mftbu %0" : "=r"(rtc_high)); |
202 | | asm volatile("mftb %0" : "=r"(rtc_low)); |
203 | | asm volatile("mftbu %0" : "=r"(rtc_high2)); |
204 | | |
205 | | if(rtc_high == rtc_high2) { |
206 | | rtc = (static_cast<uint64_t>(rtc_high) << 32) | rtc_low; |
207 | | break; |
208 | | } |
209 | | } |
210 | | |
211 | | #elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) |
212 | | asm volatile("rpcc %0" : "=r"(rtc)); |
213 | | |
214 | | // OpenBSD does not trap access to the %tick register |
215 | | #elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) && !defined(BOTAN_TARGET_OS_IS_OPENBSD) |
216 | | asm volatile("rd %%tick, %0" : "=r"(rtc)); |
217 | | |
218 | | #elif defined(BOTAN_TARGET_ARCH_IS_IA64) |
219 | | asm volatile("mov %0=ar.itc" : "=r"(rtc)); |
220 | | |
221 | | #elif defined(BOTAN_TARGET_ARCH_IS_S390X) |
222 | | asm volatile("stck 0(%0)" : : "a"(&rtc) : "memory", "cc"); |
223 | | |
224 | | #elif defined(BOTAN_TARGET_ARCH_IS_HPPA) |
225 | | asm volatile("mfctl 16,%0" : "=r"(rtc)); // 64-bit only? |
226 | | |
227 | | #else |
228 | | //#warning "OS::get_cpu_cycle_counter not implemented" |
229 | | #endif |
230 | |
|
231 | 0 | #endif |
232 | |
|
233 | 0 | return rtc; |
234 | 0 | } |
235 | | |
236 | 1 | size_t OS::get_cpu_available() { |
237 | 1 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
238 | | |
239 | 1 | #if defined(_SC_NPROCESSORS_ONLN) |
240 | 1 | const long cpu_online = ::sysconf(_SC_NPROCESSORS_ONLN); |
241 | 1 | if(cpu_online > 0) { |
242 | 1 | return static_cast<size_t>(cpu_online); |
243 | 1 | } |
244 | 0 | #endif |
245 | | |
246 | 0 | #if defined(_SC_NPROCESSORS_CONF) |
247 | 0 | const long cpu_conf = ::sysconf(_SC_NPROCESSORS_CONF); |
248 | 0 | if(cpu_conf > 0) { |
249 | 0 | return static_cast<size_t>(cpu_conf); |
250 | 0 | } |
251 | 0 | #endif |
252 | | |
253 | 0 | #endif |
254 | | |
255 | 0 | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
256 | | // hardware_concurrency is allowed to return 0 if the value is not |
257 | | // well defined or not computable. |
258 | 0 | const size_t hw_concur = std::thread::hardware_concurrency(); |
259 | |
|
260 | 0 | if(hw_concur > 0) { |
261 | 0 | return hw_concur; |
262 | 0 | } |
263 | 0 | #endif |
264 | | |
265 | 0 | return 1; |
266 | 0 | } |
267 | | |
268 | 0 | uint64_t OS::get_high_resolution_clock() { |
269 | 0 | if(uint64_t cpu_clock = OS::get_cpu_cycle_counter()) { |
270 | 0 | return cpu_clock; |
271 | 0 | } |
272 | | |
273 | | #if defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
274 | | return emscripten_get_now(); |
275 | | #endif |
276 | | |
277 | | /* |
278 | | If we got here either we either don't have an asm instruction |
279 | | above, or (for x86) RDTSC is not available at runtime. Try some |
280 | | clock_gettimes and return the first one that works, or otherwise |
281 | | fall back to std::chrono. |
282 | | */ |
283 | | |
284 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
285 | | |
286 | | // The ordering here is somewhat arbitrary... |
287 | 0 | const clockid_t clock_types[] = { |
288 | | #if defined(CLOCK_MONOTONIC_HR) |
289 | | CLOCK_MONOTONIC_HR, |
290 | | #endif |
291 | 0 | #if defined(CLOCK_MONOTONIC_RAW) |
292 | 0 | CLOCK_MONOTONIC_RAW, |
293 | 0 | #endif |
294 | 0 | #if defined(CLOCK_MONOTONIC) |
295 | 0 | CLOCK_MONOTONIC, |
296 | 0 | #endif |
297 | 0 | #if defined(CLOCK_PROCESS_CPUTIME_ID) |
298 | 0 | CLOCK_PROCESS_CPUTIME_ID, |
299 | 0 | #endif |
300 | 0 | #if defined(CLOCK_THREAD_CPUTIME_ID) |
301 | 0 | CLOCK_THREAD_CPUTIME_ID, |
302 | 0 | #endif |
303 | 0 | }; |
304 | |
|
305 | 0 | for(clockid_t clock : clock_types) { |
306 | 0 | struct timespec ts; |
307 | 0 | if(::clock_gettime(clock, &ts) == 0) { |
308 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
309 | 0 | } |
310 | 0 | } |
311 | 0 | #endif |
312 | | |
313 | | // Plain C++11 fallback |
314 | 0 | auto now = std::chrono::high_resolution_clock::now().time_since_epoch(); |
315 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
316 | 0 | } |
317 | | |
318 | 0 | uint64_t OS::get_system_timestamp_ns() { |
319 | 0 | #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) |
320 | 0 | struct timespec ts; |
321 | 0 | if(::clock_gettime(CLOCK_REALTIME, &ts) == 0) { |
322 | 0 | return (static_cast<uint64_t>(ts.tv_sec) * 1000000000) + static_cast<uint64_t>(ts.tv_nsec); |
323 | 0 | } |
324 | 0 | #endif |
325 | | |
326 | 0 | auto now = std::chrono::system_clock::now().time_since_epoch(); |
327 | 0 | return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); |
328 | 0 | } |
329 | | |
330 | 0 | std::string OS::format_time(time_t time, const std::string& format) { |
331 | 0 | std::tm tm; |
332 | |
|
333 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) |
334 | | localtime_s(&tm, &time); |
335 | | #elif defined(BOTAN_TARGET_OS_HAS_POSIX1) |
336 | 0 | localtime_r(&time, &tm); |
337 | | #else |
338 | | if(auto tmp = std::localtime(&time)) { |
339 | | tm = *tmp; |
340 | | } else { |
341 | | throw Encoding_Error("Could not convert time_t to localtime"); |
342 | | } |
343 | | #endif |
344 | |
|
345 | 0 | std::ostringstream oss; |
346 | 0 | oss << std::put_time(&tm, format.c_str()); |
347 | 0 | return oss.str(); |
348 | 0 | } |
349 | | |
350 | 0 | size_t OS::system_page_size() { |
351 | 0 | const size_t default_page_size = 4096; |
352 | |
|
353 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
354 | 0 | long p = ::sysconf(_SC_PAGESIZE); |
355 | 0 | if(p > 1) { |
356 | 0 | return static_cast<size_t>(p); |
357 | 0 | } else { |
358 | 0 | return default_page_size; |
359 | 0 | } |
360 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
361 | | BOTAN_UNUSED(default_page_size); |
362 | | SYSTEM_INFO sys_info; |
363 | | ::GetSystemInfo(&sys_info); |
364 | | return sys_info.dwPageSize; |
365 | | #else |
366 | | return default_page_size; |
367 | | #endif |
368 | 0 | } |
369 | | |
370 | 0 | size_t OS::get_memory_locking_limit() { |
371 | | /* |
372 | | * Linux defaults to only 64 KiB of mlockable memory per process (too small) |
373 | | * but BSDs offer a small fraction of total RAM (more than we need). Bound the |
374 | | * total mlock size to 512 KiB which is enough to run the entire test suite |
375 | | * without spilling to non-mlock memory (and thus presumably also enough for |
376 | | * many useful programs), but small enough that we should not cause problems |
377 | | * even if many processes are mlocking on the same machine. |
378 | | */ |
379 | 0 | const size_t max_locked_kb = 512; |
380 | | |
381 | | /* |
382 | | * If RLIMIT_MEMLOCK is not defined, likely the OS does not support |
383 | | * unprivileged mlock calls. |
384 | | */ |
385 | 0 | #if defined(RLIMIT_MEMLOCK) && defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
386 | 0 | const size_t mlock_requested = |
387 | 0 | std::min<size_t>(read_env_variable_sz("BOTAN_MLOCK_POOL_SIZE", max_locked_kb), max_locked_kb); |
388 | |
|
389 | 0 | if(mlock_requested > 0) { |
390 | 0 | struct ::rlimit limits; |
391 | |
|
392 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
393 | |
|
394 | 0 | if(limits.rlim_cur < limits.rlim_max) { |
395 | 0 | limits.rlim_cur = limits.rlim_max; |
396 | 0 | ::setrlimit(RLIMIT_MEMLOCK, &limits); |
397 | 0 | ::getrlimit(RLIMIT_MEMLOCK, &limits); |
398 | 0 | } |
399 | |
|
400 | 0 | return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); |
401 | 0 | } |
402 | | |
403 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
404 | | const size_t mlock_requested = |
405 | | std::min<size_t>(read_env_variable_sz("BOTAN_MLOCK_POOL_SIZE", max_locked_kb), max_locked_kb); |
406 | | |
407 | | SIZE_T working_min = 0, working_max = 0; |
408 | | if(!::GetProcessWorkingSetSize(::GetCurrentProcess(), &working_min, &working_max)) { |
409 | | return 0; |
410 | | } |
411 | | |
412 | | // According to Microsoft MSDN: |
413 | | // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead |
414 | | // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages |
415 | | // But the information in the book seems to be inaccurate/outdated |
416 | | // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 |
417 | | // On all three OS the value is 11 instead of 8 |
418 | | const size_t overhead = OS::system_page_size() * 11; |
419 | | if(working_min > overhead) { |
420 | | const size_t lockable_bytes = working_min - overhead; |
421 | | return std::min<size_t>(lockable_bytes, mlock_requested * 1024); |
422 | | } |
423 | | #else |
424 | | // Not supported on this platform |
425 | | BOTAN_UNUSED(max_locked_kb); |
426 | | #endif |
427 | | |
428 | 0 | return 0; |
429 | 0 | } |
430 | | |
431 | 2 | bool OS::read_env_variable(std::string& value_out, std::string_view name_view) { |
432 | 2 | value_out = ""; |
433 | | |
434 | 2 | if(running_in_privileged_state()) { |
435 | 0 | return false; |
436 | 0 | } |
437 | | |
438 | | #if defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
439 | | const std::string name(name_view); |
440 | | char val[128] = {0}; |
441 | | size_t req_size = 0; |
442 | | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) { |
443 | | // Microsoft's implementation always writes a terminating \0, |
444 | | // and includes it in the reported length of the environment variable |
445 | | // if a value exists. |
446 | | if(req_size > 0 && val[req_size - 1] == '\0') { |
447 | | value_out = std::string(val); |
448 | | } else { |
449 | | value_out = std::string(val, req_size); |
450 | | } |
451 | | return true; |
452 | | } |
453 | | #else |
454 | 2 | const std::string name(name_view); |
455 | 2 | if(const char* val = std::getenv(name.c_str())) { |
456 | 0 | value_out = val; |
457 | 0 | return true; |
458 | 0 | } |
459 | 2 | #endif |
460 | | |
461 | 2 | return false; |
462 | 2 | } |
463 | | |
464 | 0 | size_t OS::read_env_variable_sz(std::string_view name, size_t def) { |
465 | 0 | std::string value; |
466 | 0 | if(read_env_variable(value, name) && !value.empty()) { |
467 | 0 | try { |
468 | 0 | const size_t val = std::stoul(value, nullptr); |
469 | 0 | return val; |
470 | 0 | } catch(std::exception&) { /* ignore it */ |
471 | 0 | } |
472 | 0 | } |
473 | | |
474 | 0 | return def; |
475 | 0 | } |
476 | | |
477 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
478 | | |
479 | | namespace { |
480 | | |
481 | 0 | int get_locked_fd() { |
482 | | #if defined(BOTAN_TARGET_OS_IS_IOS) || defined(BOTAN_TARGET_OS_IS_MACOS) |
483 | | // On Darwin, tagging anonymous pages allows vmmap to track these. |
484 | | // Allowed from 240 to 255 for userland applications |
485 | | static constexpr int default_locked_fd = 255; |
486 | | int locked_fd = default_locked_fd; |
487 | | |
488 | | if(size_t locked_fdl = OS::read_env_variable_sz("BOTAN_LOCKED_FD", default_locked_fd)) { |
489 | | if(locked_fdl < 240 || locked_fdl > 255) { |
490 | | locked_fdl = default_locked_fd; |
491 | | } |
492 | | locked_fd = static_cast<int>(locked_fdl); |
493 | | } |
494 | | return VM_MAKE_TAG(locked_fd); |
495 | | #else |
496 | 0 | return -1; |
497 | 0 | #endif |
498 | 0 | } |
499 | | |
500 | | } // namespace |
501 | | |
502 | | #endif |
503 | | |
504 | 0 | std::vector<void*> OS::allocate_locked_pages(size_t count) { |
505 | 0 | std::vector<void*> result; |
506 | |
|
507 | 0 | #if(defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)) || \ |
508 | 0 | defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
509 | |
|
510 | 0 | result.reserve(count); |
511 | |
|
512 | 0 | const size_t page_size = OS::system_page_size(); |
513 | |
|
514 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
515 | 0 | static const int locked_fd = get_locked_fd(); |
516 | 0 | #endif |
517 | |
|
518 | 0 | for(size_t i = 0; i != count; ++i) { |
519 | 0 | void* ptr = nullptr; |
520 | |
|
521 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
522 | |
|
523 | 0 | int mmap_flags = MAP_PRIVATE; |
524 | |
|
525 | 0 | #if defined(MAP_ANONYMOUS) |
526 | 0 | mmap_flags |= MAP_ANONYMOUS; |
527 | | #elif defined(MAP_ANON) |
528 | | mmap_flags |= MAP_ANON; |
529 | | #endif |
530 | |
|
531 | | #if defined(MAP_CONCEAL) |
532 | | mmap_flags |= MAP_CONCEAL; |
533 | | #elif defined(MAP_NOCORE) |
534 | | mmap_flags |= MAP_NOCORE; |
535 | | #endif |
536 | |
|
537 | 0 | int mmap_prot = PROT_READ | PROT_WRITE; |
538 | |
|
539 | | #if defined(PROT_MAX) |
540 | | mmap_prot |= PROT_MAX(mmap_prot); |
541 | | #endif |
542 | |
|
543 | 0 | ptr = ::mmap(nullptr, |
544 | 0 | 3 * page_size, |
545 | 0 | mmap_prot, |
546 | 0 | mmap_flags, |
547 | 0 | /*fd=*/locked_fd, |
548 | 0 | /*offset=*/0); |
549 | |
|
550 | 0 | if(ptr == MAP_FAILED) { |
551 | 0 | continue; |
552 | 0 | } |
553 | | |
554 | | // lock the data page |
555 | 0 | if(::mlock(static_cast<uint8_t*>(ptr) + page_size, page_size) != 0) { |
556 | 0 | ::munmap(ptr, 3 * page_size); |
557 | 0 | continue; |
558 | 0 | } |
559 | | |
560 | 0 | #if defined(MADV_DONTDUMP) |
561 | | // we ignore errors here, as DONTDUMP is just a bonus |
562 | 0 | ::madvise(static_cast<uint8_t*>(ptr) + page_size, page_size, MADV_DONTDUMP); |
563 | 0 | #endif |
564 | |
|
565 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
566 | | ptr = ::VirtualAlloc(nullptr, 3 * page_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); |
567 | | |
568 | | if(ptr == nullptr) |
569 | | continue; |
570 | | |
571 | | if(::VirtualLock(static_cast<uint8_t*>(ptr) + page_size, page_size) == 0) { |
572 | | ::VirtualFree(ptr, 0, MEM_RELEASE); |
573 | | continue; |
574 | | } |
575 | | #endif |
576 | |
|
577 | 0 | std::memset(ptr, 0, 3 * page_size); // zero data page and both guard pages |
578 | | |
579 | | // Attempts to name the data page |
580 | 0 | page_named(ptr, 3 * page_size); |
581 | | // Make guard page preceeding the data page |
582 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr)); |
583 | | // Make guard page following the data page |
584 | 0 | page_prohibit_access(static_cast<uint8_t*>(ptr) + 2 * page_size); |
585 | |
|
586 | 0 | result.push_back(static_cast<uint8_t*>(ptr) + page_size); |
587 | 0 | } |
588 | | #else |
589 | | BOTAN_UNUSED(count); |
590 | | #endif |
591 | |
|
592 | 0 | return result; |
593 | 0 | } |
594 | | |
595 | 0 | void OS::page_allow_access(void* page) { |
596 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
597 | 0 | const size_t page_size = OS::system_page_size(); |
598 | 0 | ::mprotect(page, page_size, PROT_READ | PROT_WRITE); |
599 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
600 | | const size_t page_size = OS::system_page_size(); |
601 | | DWORD old_perms = 0; |
602 | | ::VirtualProtect(page, page_size, PAGE_READWRITE, &old_perms); |
603 | | BOTAN_UNUSED(old_perms); |
604 | | #else |
605 | | BOTAN_UNUSED(page); |
606 | | #endif |
607 | 0 | } |
608 | | |
609 | 0 | void OS::page_prohibit_access(void* page) { |
610 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
611 | 0 | const size_t page_size = OS::system_page_size(); |
612 | 0 | ::mprotect(page, page_size, PROT_NONE); |
613 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
614 | | const size_t page_size = OS::system_page_size(); |
615 | | DWORD old_perms = 0; |
616 | | ::VirtualProtect(page, page_size, PAGE_NOACCESS, &old_perms); |
617 | | BOTAN_UNUSED(old_perms); |
618 | | #else |
619 | | BOTAN_UNUSED(page); |
620 | | #endif |
621 | 0 | } |
622 | | |
623 | 0 | void OS::free_locked_pages(const std::vector<void*>& pages) { |
624 | 0 | const size_t page_size = OS::system_page_size(); |
625 | |
|
626 | 0 | for(size_t i = 0; i != pages.size(); ++i) { |
627 | 0 | void* ptr = pages[i]; |
628 | |
|
629 | 0 | secure_scrub_memory(ptr, page_size); |
630 | | |
631 | | // ptr points to the data page, guard pages are before and after |
632 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) - page_size); |
633 | 0 | page_allow_access(static_cast<uint8_t*>(ptr) + page_size); |
634 | |
|
635 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) |
636 | 0 | ::munlock(ptr, page_size); |
637 | 0 | ::munmap(static_cast<uint8_t*>(ptr) - page_size, 3 * page_size); |
638 | | #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) |
639 | | ::VirtualUnlock(ptr, page_size); |
640 | | ::VirtualFree(static_cast<uint8_t*>(ptr) - page_size, 0, MEM_RELEASE); |
641 | | #endif |
642 | 0 | } |
643 | 0 | } |
644 | | |
645 | 0 | void OS::page_named(void* page, size_t size) { |
646 | | #if defined(BOTAN_TARGET_OS_HAS_PRCTL) && defined(PR_SET_VMA) && defined(PR_SET_VMA_ANON_NAME) |
647 | | static constexpr char name[] = "Botan mlock pool"; |
648 | | int r = prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, reinterpret_cast<uintptr_t>(page), size, name); |
649 | | BOTAN_UNUSED(r); |
650 | | #else |
651 | 0 | BOTAN_UNUSED(page, size); |
652 | 0 | #endif |
653 | 0 | } |
654 | | |
655 | | #if defined(BOTAN_TARGET_OS_HAS_THREADS) |
656 | 16 | void OS::set_thread_name(std::thread& thread, const std::string& name) { |
657 | 16 | #if defined(BOTAN_TARGET_OS_IS_LINUX) || defined(BOTAN_TARGET_OS_IS_FREEBSD) || defined(BOTAN_TARGET_OS_IS_DRAGONFLY) |
658 | 16 | static_cast<void>(pthread_setname_np(thread.native_handle(), name.c_str())); |
659 | | #elif defined(BOTAN_TARGET_OS_IS_OPENBSD) |
660 | | static_cast<void>(pthread_set_name_np(thread.native_handle(), name.c_str())); |
661 | | #elif defined(BOTAN_TARGET_OS_IS_NETBSD) |
662 | | static_cast<void>(pthread_setname_np(thread.native_handle(), "%s", const_cast<char*>(name.c_str()))); |
663 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(_LIBCPP_HAS_THREAD_API_PTHREAD) |
664 | | static_cast<void>(pthread_setname_np(thread.native_handle(), name.c_str())); |
665 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) |
666 | | typedef HRESULT(WINAPI * std_proc)(HANDLE, PCWSTR); |
667 | | HMODULE kern = GetModuleHandleA("KernelBase.dll"); |
668 | | std_proc set_thread_name = reinterpret_cast<std_proc>(GetProcAddress(kern, "SetThreadDescription")); |
669 | | if(set_thread_name) { |
670 | | std::wstring w; |
671 | | auto sz = MultiByteToWideChar(CP_UTF8, 0, name.data(), -1, nullptr, 0); |
672 | | if(sz > 0) { |
673 | | w.resize(sz); |
674 | | if(MultiByteToWideChar(CP_UTF8, 0, name.data(), -1, &w[0], sz) > 0) { |
675 | | (void)set_thread_name(thread.native_handle(), w.c_str()); |
676 | | } |
677 | | } |
678 | | } |
679 | | #elif defined(BOTAN_TARGET_OS_IF_HAIKU) |
680 | | auto thread_id = get_pthread_thread_id(thread.native_handle()); |
681 | | static_cast<void>(rename_thread(thread_id, name.c_str())); |
682 | | #else |
683 | | // TODO other possible oses ? |
684 | | // macOs does not seem to allow to name threads other than the current one. |
685 | | BOTAN_UNUSED(thread, name); |
686 | | #endif |
687 | 16 | } |
688 | | #endif |
689 | | |
690 | | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
691 | | |
692 | | namespace { |
693 | | |
694 | | // NOLINTNEXTLINE(*-avoid-non-const-global-variables) |
695 | | ::sigjmp_buf g_sigill_jmp_buf; |
696 | | |
697 | 0 | void botan_sigill_handler(int /*unused*/) { |
698 | 0 | siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/ 1); |
699 | 0 | } |
700 | | |
701 | | } // namespace |
702 | | |
703 | | #endif |
704 | | |
705 | 0 | int OS::run_cpu_instruction_probe(const std::function<int()>& probe_fn) { |
706 | 0 | volatile int probe_result = -3; |
707 | |
|
708 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && !defined(BOTAN_TARGET_OS_IS_EMSCRIPTEN) |
709 | 0 | struct sigaction old_sigaction; |
710 | 0 | struct sigaction sigaction; |
711 | |
|
712 | 0 | sigaction.sa_handler = botan_sigill_handler; |
713 | 0 | sigemptyset(&sigaction.sa_mask); |
714 | 0 | sigaction.sa_flags = 0; |
715 | |
|
716 | 0 | int rc = ::sigaction(SIGILL, &sigaction, &old_sigaction); |
717 | |
|
718 | 0 | if(rc != 0) { |
719 | 0 | throw System_Error("run_cpu_instruction_probe sigaction failed", errno); |
720 | 0 | } |
721 | | |
722 | 0 | rc = sigsetjmp(g_sigill_jmp_buf, /*save sigs*/ 1); |
723 | |
|
724 | 0 | if(rc == 0) { |
725 | | // first call to sigsetjmp |
726 | 0 | probe_result = probe_fn(); |
727 | 0 | } else if(rc == 1) { |
728 | | // non-local return from siglongjmp in signal handler: return error |
729 | 0 | probe_result = -1; |
730 | 0 | } |
731 | | |
732 | | // Restore old SIGILL handler, if any |
733 | 0 | rc = ::sigaction(SIGILL, &old_sigaction, nullptr); |
734 | 0 | if(rc != 0) { |
735 | 0 | throw System_Error("run_cpu_instruction_probe sigaction restore failed", errno); |
736 | 0 | } |
737 | | |
738 | | #else |
739 | | BOTAN_UNUSED(probe_fn); |
740 | | #endif |
741 | | |
742 | 0 | return probe_result; |
743 | 0 | } |
744 | | |
745 | 0 | std::unique_ptr<OS::Echo_Suppression> OS::suppress_echo_on_terminal() { |
746 | 0 | #if defined(BOTAN_TARGET_OS_HAS_POSIX1) |
747 | 0 | class POSIX_Echo_Suppression : public Echo_Suppression { |
748 | 0 | public: |
749 | 0 | POSIX_Echo_Suppression() { |
750 | 0 | m_stdin_fd = fileno(stdin); |
751 | 0 | if(::tcgetattr(m_stdin_fd, &m_old_termios) != 0) { |
752 | 0 | throw System_Error("Getting terminal status failed", errno); |
753 | 0 | } |
754 | | |
755 | 0 | struct termios noecho_flags = m_old_termios; |
756 | 0 | noecho_flags.c_lflag &= ~ECHO; |
757 | 0 | noecho_flags.c_lflag |= ECHONL; |
758 | |
|
759 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &noecho_flags) != 0) { |
760 | 0 | throw System_Error("Clearing terminal echo bit failed", errno); |
761 | 0 | } |
762 | 0 | } |
763 | |
|
764 | 0 | void reenable_echo() override { |
765 | 0 | if(m_stdin_fd > 0) { |
766 | 0 | if(::tcsetattr(m_stdin_fd, TCSANOW, &m_old_termios) != 0) { |
767 | 0 | throw System_Error("Restoring terminal echo bit failed", errno); |
768 | 0 | } |
769 | 0 | m_stdin_fd = -1; |
770 | 0 | } |
771 | 0 | } |
772 | |
|
773 | 0 | ~POSIX_Echo_Suppression() override { |
774 | 0 | try { |
775 | 0 | reenable_echo(); |
776 | 0 | } catch(...) {} |
777 | 0 | } |
778 | |
|
779 | 0 | POSIX_Echo_Suppression(const POSIX_Echo_Suppression& other) = delete; |
780 | 0 | POSIX_Echo_Suppression(POSIX_Echo_Suppression&& other) = delete; |
781 | 0 | POSIX_Echo_Suppression& operator=(const POSIX_Echo_Suppression& other) = delete; |
782 | 0 | POSIX_Echo_Suppression& operator=(POSIX_Echo_Suppression&& other) = delete; |
783 | |
|
784 | 0 | private: |
785 | 0 | int m_stdin_fd; |
786 | 0 | struct termios m_old_termios; |
787 | 0 | }; |
788 | |
|
789 | 0 | return std::make_unique<POSIX_Echo_Suppression>(); |
790 | |
|
791 | | #elif defined(BOTAN_TARGET_OS_HAS_WIN32) |
792 | | |
793 | | class Win32_Echo_Suppression : public Echo_Suppression { |
794 | | public: |
795 | | Win32_Echo_Suppression() { |
796 | | m_input_handle = ::GetStdHandle(STD_INPUT_HANDLE); |
797 | | if(::GetConsoleMode(m_input_handle, &m_console_state) == 0) |
798 | | throw System_Error("Getting console mode failed", ::GetLastError()); |
799 | | |
800 | | DWORD new_mode = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; |
801 | | if(::SetConsoleMode(m_input_handle, new_mode) == 0) |
802 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
803 | | } |
804 | | |
805 | | void reenable_echo() override { |
806 | | if(m_input_handle != INVALID_HANDLE_VALUE) { |
807 | | if(::SetConsoleMode(m_input_handle, m_console_state) == 0) |
808 | | throw System_Error("Setting console mode failed", ::GetLastError()); |
809 | | m_input_handle = INVALID_HANDLE_VALUE; |
810 | | } |
811 | | } |
812 | | |
813 | | ~Win32_Echo_Suppression() override { |
814 | | try { |
815 | | reenable_echo(); |
816 | | } catch(...) {} |
817 | | } |
818 | | |
819 | | Win32_Echo_Suppression(const Win32_Echo_Suppression& other) = delete; |
820 | | Win32_Echo_Suppression(Win32_Echo_Suppression&& other) = delete; |
821 | | Win32_Echo_Suppression& operator=(const Win32_Echo_Suppression& other) = delete; |
822 | | Win32_Echo_Suppression& operator=(Win32_Echo_Suppression&& other) = delete; |
823 | | |
824 | | private: |
825 | | HANDLE m_input_handle; |
826 | | DWORD m_console_state; |
827 | | }; |
828 | | |
829 | | return std::make_unique<Win32_Echo_Suppression>(); |
830 | | |
831 | | #else |
832 | | |
833 | | // Not supported on this platform, return null |
834 | | return nullptr; |
835 | | #endif |
836 | 0 | } |
837 | | |
838 | | } // namespace Botan |