Coverage Report

Created: 2023-09-25 06:27

/src/abseil-cpp/absl/debugging/internal/address_is_readable.cc
Line
Count
Source (jump to first uncovered line)
1
// Copyright 2017 The Abseil Authors.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//      https://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14
15
// base::AddressIsReadable() probes an address to see whether it is readable,
16
// without faulting.
17
18
#include "absl/debugging/internal/address_is_readable.h"
19
20
#if !defined(__linux__) || defined(__ANDROID__)
21
22
namespace absl {
23
ABSL_NAMESPACE_BEGIN
24
namespace debugging_internal {
25
26
// On platforms other than Linux, just return true.
27
bool AddressIsReadable(const void* /* addr */) { return true; }
28
29
}  // namespace debugging_internal
30
ABSL_NAMESPACE_END
31
}  // namespace absl
32
33
#else  // __linux__ && !__ANDROID__
34
35
#include <stdint.h>
36
#include <syscall.h>
37
#include <unistd.h>
38
39
#include "absl/base/internal/errno_saver.h"
40
#include "absl/base/internal/raw_logging.h"
41
42
namespace absl {
43
ABSL_NAMESPACE_BEGIN
44
namespace debugging_internal {
45
46
// NOTE: be extra careful about adding any interposable function calls here
47
// (such as open(), read(), etc.). These symbols may be interposed and will get
48
// invoked in contexts they don't expect.
49
//
50
// NOTE: any new system calls here may also require sandbox reconfiguration.
51
//
52
0
bool AddressIsReadable(const void *addr) {
53
  // Align address on 8-byte boundary. On aarch64, checking last
54
  // byte before inaccessible page returned unexpected EFAULT.
55
0
  const uintptr_t u_addr = reinterpret_cast<uintptr_t>(addr) & ~uintptr_t{7};
56
0
  addr = reinterpret_cast<const void *>(u_addr);
57
58
  // rt_sigprocmask below will succeed for this input.
59
0
  if (addr == nullptr) return false;
60
61
0
  absl::base_internal::ErrnoSaver errno_saver;
62
63
  // Here we probe with some syscall which
64
  // - accepts an 8-byte region of user memory as input
65
  // - tests for EFAULT before other validation
66
  // - has no problematic side-effects
67
  //
68
  // rt_sigprocmask(2) works for this.  It copies sizeof(kernel_sigset_t)==8
69
  // bytes from the address into the kernel memory before any validation.
70
  //
71
  // The call can never succeed, since the `how` parameter is not one of
72
  // SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK.
73
  //
74
  // This strategy depends on Linux implementation details,
75
  // so we rely on the test to alert us if it stops working.
76
  //
77
  // Some discarded past approaches:
78
  // - msync() doesn't reject PROT_NONE regions
79
  // - write() on /dev/null doesn't return EFAULT
80
  // - write() on a pipe requires creating it and draining the writes
81
  // - connect() works but is problematic for sandboxes and needs a valid
82
  //   file descriptor
83
  //
84
  // This can never succeed (invalid first argument to sigprocmask).
85
0
  ABSL_RAW_CHECK(syscall(SYS_rt_sigprocmask, ~0, addr, nullptr,
86
0
                         /*sizeof(kernel_sigset_t)*/ 8) == -1,
87
0
                 "unexpected success");
88
0
  ABSL_RAW_CHECK(errno == EFAULT || errno == EINVAL, "unexpected errno");
89
0
  return errno != EFAULT;
90
0
}
91
92
}  // namespace debugging_internal
93
ABSL_NAMESPACE_END
94
}  // namespace absl
95
96
#endif  // __linux__ && !__ANDROID__