/src/SockFuzzer/fuzz/fakes/zalloc.c

Source (jump to first uncovered line)
/*
 * Copyright 2021 Google LLC
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <kern/assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#include "osfmk/kern/kalloc.h"
#include "osfmk/kern/zalloc_internal.h"
#include "osfmk/mach/i386/kern_return.h"
#include "BUILD/obj/EXPORT_HDRS/osfmk/kern/zalloc.h"

int printf(const char*, ...) __printflike(1, 2);

void free(void *ptr);

// We link these in from libc/asan
void* malloc(size_t size);
void* calloc(size_t nmemb, size_t size);
void free(void* ptr);
int posix_memalign(void** memptr, size_t alignment, size_t size);

struct zone* zinit(uintptr_t size, uintptr_t max, uintptr_t alloc,
                   const char* name) {
  struct zone* zone = (struct zone*)calloc(1, sizeof(struct zone));
  zone->z_elem_size = size;
  return zone;
}

zone_t zone_create(
  const char             *name,
  vm_size_t               size,
  zone_create_flags_t     flags)
{
  struct zone* zone = (struct zone*)calloc(1, sizeof(struct zone));
  zone->z_elem_size = size;
  return zone;
}

// TODO: validation here
void zone_change() { return; }

void* zalloc(struct zone* zone) {
  assert(zone != NULL);
  return calloc(1, zone->z_elem_size);
}

void* zalloc_noblock(struct zone* zone) { return zalloc(zone); }

extern void     zfree(
  zone_or_view_t  zone_or_view,
  void            *elem) {
  (void)zone_or_view;
  free(elem);
}

int cpu_number() { return 0; }

void* kalloc_canblock(size_t* psize, bool canblock, void* site) {
  return malloc(*psize);
}

static bool mb_is_ready = false;
extern unsigned char* mbutl;
extern unsigned char* embutl;
static size_t current_page = 0;

uintptr_t kmem_mb_alloc(unsigned int mbmap, int size, int physContig,
                        int* err) {
  *err = 0;

  if (!mb_is_ready) {
    // 268 MB
    *err = posix_memalign((void**)&mbutl, 4096, 4096 * 65535);
    if (*err) {
      return 0;
    }
    embutl = (unsigned char*)((uintptr_t)mbutl + (4096 * 65535));

    mb_is_ready = true;
  }

  assert(mbutl);
  int pages = size / 4096;
  uintptr_t ret = (uintptr_t)mbutl + (current_page * 4096);
  current_page += pages;

  return ret;
}

// TODO: actually simulate physical page mappings
unsigned int pmap_find_phys(int pmap, uintptr_t va) { return 0; }

void* __MALLOC_ZONE(size_t size, int type, int flags,
                    vm_allocation_site_t* site) {
  return malloc(size);
}

void _FREE_ZONE(void* elem, size_t size, int type) { free(elem); }

#undef kfree
void kfree(void* data, size_t size) { free(data); }

void* realloc(void* ptr, size_t size);

void* __REALLOC(void* addr, size_t size, int type, int flags,
                vm_allocation_site_t* site) {
  void* ptr = realloc(addr, size);
  return ptr;
}

void OSFree(void* ptr, uint32_t size, void* tag) { free(ptr); }

void* OSMalloc(uint32_t size, void* tag) {
  return malloc(size);
}

SECURITY_READ_ONLY_LATE(struct kalloc_heap) KHEAP_DATA_BUFFERS[1] = {
  {
    .kh_zones    = NULL,
    .kh_name     = "data.",
    .kh_heap_id  = KHEAP_ID_DATA_BUFFERS,
  }
};

SECURITY_READ_ONLY_LATE(struct kalloc_heap) KHEAP_DEFAULT[1] = {
  {
    .kh_zones    = NULL,
    .kh_name     = "default.",
    .kh_heap_id  = KHEAP_ID_DEFAULT,
  }
};

KALLOC_HEAP_DEFINE(KHEAP_TEMP, "temp allocations", KHEAP_ID_DEFAULT);

ZONE_VIEW_DEFINE(ZV_NAMEI, "vfs.namei", KHEAP_ID_DATA_BUFFERS, 1024);

void abort() {
  __builtin_trap();
}

#undef kheap_free
extern void
kheap_free(
  kalloc_heap_t heap,
  void         *data,
  vm_size_t     size) {
  free(data);
}

__startup_func
void
zone_create_startup(struct zone_create_startup_spec *spec)
{
  *spec->z_var = zone_create(spec->z_name, spec->z_size,
      spec->z_flags);
}

_Atomic uint32_t bt_init_flag = 0;

struct kalloc_result
kalloc_ext(
  kalloc_heap_t         kheap,
  vm_size_t             req_size,
  zalloc_flags_t        flags,
  vm_allocation_site_t  *site) {
  void *addr = malloc(req_size);
  if (flags & Z_ZERO) {
    bzero(addr, req_size);
  }
  return (struct kalloc_result){ .addr = addr, .size = req_size };
}

void *zalloc_flags(union zone_or_view zov, zalloc_flags_t flags) {
  return zalloc(zov.zov_zone);
}

#undef kheap_free_addr
void kheap_free_addr(
  kalloc_heap_t         heap,
  void                 *addr) {
  free(addr);
}

void *zalloc_permanent(vm_size_t size, vm_offset_t mask) {
  return malloc(size);
}

Coverage Report

Created: 2024-10-03 06:24

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2021 Google LLC
3		*
4		* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5		*
6		* This file contains Original Code and/or Modifications of Original Code
7		* as defined in and that are subject to the Apple Public Source License
8		* Version 2.0 (the 'License'). You may not use this file except in
9		* compliance with the License. The rights granted to you under the License
10		* may not be used to create, or enable the creation or redistribution of,
11		* unlawful or unlicensed copies of an Apple operating system, or to
12		* circumvent, violate, or enable the circumvention or violation of, any
13		* terms of an Apple operating system software license agreement.
14		*
15		* Please obtain a copy of the License at
16		* http://www.opensource.apple.com/apsl/ and read it before using this file.
17		*
18		* The Original Code and all software distributed under the License are
19		* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20		* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21		* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22		* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23		* Please see the License for the specific language governing rights and
24		* limitations under the License.
25		*
26		* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27		*/
28
29		#include <kern/assert.h>
30		#include <stdbool.h>
31		#include <stdint.h>
32		#include <string.h>
33
34		#include "osfmk/kern/kalloc.h"
35		#include "osfmk/kern/zalloc_internal.h"
36		#include "osfmk/mach/i386/kern_return.h"
37		#include "BUILD/obj/EXPORT_HDRS/osfmk/kern/zalloc.h"
38
39		int printf(const char*, ...) __printflike(1, 2);
40
41		void free(void *ptr);
42
43		// We link these in from libc/asan
44		void* malloc(size_t size);
45		void* calloc(size_t nmemb, size_t size);
46		void free(void* ptr);
47		int posix_memalign(void** memptr, size_t alignment, size_t size);
48
49		struct zone* zinit(uintptr_t size, uintptr_t max, uintptr_t alloc,
50	0	const char* name) {
51	0	struct zone* zone = (struct zone*)calloc(1, sizeof(struct zone));
52	0	zone->z_elem_size = size;
53	0	return zone;
54	0	}
55
56		zone_t zone_create(
57		const char *name,
58		vm_size_t size,
59		zone_create_flags_t flags)
60	100	{
61	100	struct zone* zone = (struct zone*)calloc(1, sizeof(struct zone));
62	100	zone->z_elem_size = size;
63	100	return zone;
64	100	}
65
66		// TODO: validation here
67	0	void zone_change() { return; }
68
69	4.43M	void* zalloc(struct zone* zone) {
70	4.43M	assert(zone != NULL);
71	0	return calloc(1, zone->z_elem_size);
72	4.43M	}
73
74	0	void* zalloc_noblock(struct zone* zone) { return zalloc(zone); }
75
76		extern void zfree(
77		zone_or_view_t zone_or_view,
78	4.33M	void *elem) {
79	4.33M	(void)zone_or_view;
80	4.33M	free(elem);
81	4.33M	}
82
83	0	int cpu_number() { return 0; }
84
85	0	void* kalloc_canblock(size_t* psize, bool canblock, void* site) {
86	0	return malloc(*psize);
87	0	}
88
89		static bool mb_is_ready = false;
90		extern unsigned char* mbutl;
91		extern unsigned char* embutl;
92		static size_t current_page = 0;
93
94		uintptr_t kmem_mb_alloc(unsigned int mbmap, int size, int physContig,
95	0	int* err) {
96	0	*err = 0;
97
98	0	if (!mb_is_ready) {
99		// 268 MB
100	0	err = posix_memalign((void)&mbutl, 4096, 4096 65535);
101	0	if (*err) {
102	0	return 0;
103	0	}
104	0	embutl = (unsigned char)((uintptr_t)mbutl + (4096 65535));
105
106	0	mb_is_ready = true;
107	0	}
108
109	0	assert(mbutl);
110	0	int pages = size / 4096;
111	0	uintptr_t ret = (uintptr_t)mbutl + (current_page * 4096);
112	0	current_page += pages;
113
114	0	return ret;
115	0	}
116
117		// TODO: actually simulate physical page mappings
118	0	unsigned int pmap_find_phys(int pmap, uintptr_t va) { return 0; }
119
120		void* __MALLOC_ZONE(size_t size, int type, int flags,
121	0	vm_allocation_site_t* site) {
122	0	return malloc(size);
123	0	}
124
125	0	void _FREE_ZONE(void* elem, size_t size, int type) { free(elem); }
126
127		#undef kfree
128	331k	void kfree(void* data, size_t size) { free(data); }
129
130		void* realloc(void* ptr, size_t size);
131
132		void* __REALLOC(void* addr, size_t size, int type, int flags,
133	1	vm_allocation_site_t* site) {
134	1	void* ptr = realloc(addr, size);
135	1	return ptr;
136	1	}
137
138	0	void OSFree(void* ptr, uint32_t size, void* tag) { free(ptr); }
139
140	0	void* OSMalloc(uint32_t size, void* tag) {
141	0	return malloc(size);
142	0	}
143
144		SECURITY_READ_ONLY_LATE(struct kalloc_heap) KHEAP_DATA_BUFFERS[1] = {
145		{
146		.kh_zones = NULL,
147		.kh_name = "data.",
148		.kh_heap_id = KHEAP_ID_DATA_BUFFERS,
149		}
150		};
151
152		SECURITY_READ_ONLY_LATE(struct kalloc_heap) KHEAP_DEFAULT[1] = {
153		{
154		.kh_zones = NULL,
155		.kh_name = "default.",
156		.kh_heap_id = KHEAP_ID_DEFAULT,
157		}
158		};
159
160		KALLOC_HEAP_DEFINE(KHEAP_TEMP, "temp allocations", KHEAP_ID_DEFAULT);
161
162		ZONE_VIEW_DEFINE(ZV_NAMEI, "vfs.namei", KHEAP_ID_DATA_BUFFERS, 1024);
163
164	0	void abort() {
165	0	__builtin_trap();
166	0	}
167
168		#undef kheap_free
169		extern void
170		kheap_free(
171		kalloc_heap_t heap,
172		void *data,
173	289k	vm_size_t size) {
174	289k	free(data);
175	289k	}
176
177		__startup_func
178		void
179		zone_create_startup(struct zone_create_startup_spec *spec)
180	54	{
181	54	*spec->z_var = zone_create(spec->z_name, spec->z_size,
182	54	spec->z_flags);
183	54	}
184
185		_Atomic uint32_t bt_init_flag = 0;
186
187		struct kalloc_result
188		kalloc_ext(
189		kalloc_heap_t kheap,
190		vm_size_t req_size,
191		zalloc_flags_t flags,
192	620k	vm_allocation_site_t *site) {
193	620k	void *addr = malloc(req_size);
194	620k	if (flags & Z_ZERO) {
195	19.2k	bzero(addr, req_size);
196	19.2k	}
197	620k	return (struct kalloc_result){ .addr = addr, .size = req_size };
198	620k	}
199
200	2.70M	void *zalloc_flags(union zone_or_view zov, zalloc_flags_t flags) {
201	2.70M	return zalloc(zov.zov_zone);
202	2.70M	}
203
204		#undef kheap_free_addr
205		void kheap_free_addr(
206		kalloc_heap_t heap,
207	1.08M	void *addr) {
208	1.08M	free(addr);
209	1.08M	}
210
211	5	void *zalloc_permanent(vm_size_t size, vm_offset_t mask) {
212	5	return malloc(size);
213	5	}